All the vulnerabilites related to vim - vim
cve-2023-0049
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c"
},
{
"name": "FEDORA-2023-0f6a9433cf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3Y752EAVACVC5XY2TMGGOAIU25VQRPDW/"
},
{
"name": "FEDORA-2023-208f2107d5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T33LLWHLH63XDCO5OME7NWN63RA4U5HF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1143",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9"
},
{
"url": "https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c"
},
{
"name": "FEDORA-2023-0f6a9433cf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3Y752EAVACVC5XY2TMGGOAIU25VQRPDW/"
},
{
"name": "FEDORA-2023-208f2107d5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T33LLWHLH63XDCO5OME7NWN63RA4U5HF/"
},
{
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "5e6f325c-ba54-4bf0-b050-dca048fd3fd9",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0049",
"datePublished": "2023-01-04T00:00:00",
"dateReserved": "2023-01-04T00:00:00",
"dateUpdated": "2024-08-02T04:54:32.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3875
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/ | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2022/01/15/1 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f"
},
{
"name": "FEDORA-2021-84f4cf3244",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3489",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T05:08:24",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f"
},
{
"name": "FEDORA-2021-84f4cf3244",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "5cdbc168-6ba1-4bc2-ba6c-28be12166a53",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3875",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.3489"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53"
},
{
"name": "https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f"
},
{
"name": "FEDORA-2021-84f4cf3244",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "5cdbc168-6ba1-4bc2-ba6c-28be12166a53",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3875",
"datePublished": "2021-10-15T13:40:20",
"dateReserved": "2021-10-09T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1720
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213443"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4956",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8"
},
{
"url": "https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213443"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "5ccfb386-7eb9-46e5-98e5-243ea4b358a8",
"discovery": "EXTERNAL"
},
"title": "Buffer Over-read in function grab_file_name in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1720",
"datePublished": "2022-05-16T00:00:00",
"dateReserved": "2022-05-14T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0051
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1144",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9"
},
{
"url": "https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4"
},
{
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "1c8686db-baa6-42dc-ba45-aed322802de9",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0051",
"datePublished": "2023-01-04T00:00:00",
"dateReserved": "2023-01-04T00:00:00",
"dateUpdated": "2024-08-02T04:54:32.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3294
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2008/Jul/0312.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/archive/1/494535/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2008/2146/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/31681 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/494532/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/31159 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/32222 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/2780 | vdb-entry, x_refsource_VUPEN | |
| http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://support.apple.com/kb/HT3216 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/494736/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:25.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
},
{
"name": "20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
},
{
"name": "ADV-2008-2146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2146/references"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
},
{
"name": "31159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31159"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
},
{
"name": "20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
},
{
"name": "ADV-2008-2146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2146/references"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
},
{
"name": "31159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31159"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
},
{
"name": "20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
},
{
"name": "ADV-2008-2146",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2146/references"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
},
{
"name": "31159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31159"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3294",
"datePublished": "2008-07-24T18:00:00",
"dateReserved": "2008-07-24T00:00:00",
"dateUpdated": "2024-08-07T09:37:25.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3153
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a"
},
{
"url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "68331124-620d-48bc-a8fa-cd947b26270a",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3153",
"datePublished": "2022-09-08T00:00:00",
"dateReserved": "2022-09-07T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4019
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142"
},
{
"name": "FEDORA-2021-469afb66c9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRPAI5JVZLI7WHWSBR6NWAPBQAYUQREW/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3669",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92"
},
{
"url": "https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142"
},
{
"name": "FEDORA-2021-469afb66c9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRPAI5JVZLI7WHWSBR6NWAPBQAYUQREW/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "d8798584-a6c9-4619-b18f-001b9a6fca92",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4019",
"datePublished": "2021-12-01T00:00:00",
"dateReserved": "2021-11-25T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0943
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3"
},
{
"name": "FEDORA-2022-b718ebbfce",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2/"
},
{
"name": "FEDORA-2022-e62adccfca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4563",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1"
},
{
"url": "https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3"
},
{
"name": "FEDORA-2022-b718ebbfce",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2/"
},
{
"name": "FEDORA-2022-e62adccfca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "9e4de32f-ad5f-4830-b3ae-9467b5ab90a1",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow occurs in vim in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0943",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2022-03-13T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3134
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0389",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0389."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc"
},
{
"url": "https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3134",
"datePublished": "2022-09-06T00:00:00",
"dateReserved": "2022-09-05T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1264
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6"
},
{
"name": "FEDORA-2023-43cb13aefb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/"
},
{
"name": "FEDORA-2023-d4ebe53978",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1392",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815"
},
{
"url": "https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6"
},
{
"name": "FEDORA-2023-43cb13aefb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/"
},
{
"name": "FEDORA-2023-d4ebe53978",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"source": {
"advisory": "b2989095-88f3-413a-9a39-c1c58a6e6815",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1264",
"datePublished": "2023-03-07T00:00:00",
"dateReserved": "2023-03-07T00:00:00",
"dateUpdated": "2024-08-02T05:40:59.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3974
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6"
},
{
"name": "FEDORA-2021-5cd9df120e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Use After Free"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4"
},
{
"url": "https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6"
},
{
"name": "FEDORA-2021-5cd9df120e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "e402cb2c-8ec4-4828-a692-c95f8e0de6d4",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3974",
"datePublished": "2021-11-19T00:00:00",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1381
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47"
},
{
"name": "FEDORA-2022-e304fffd34",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/"
},
{
"name": "FEDORA-2022-b605768c94",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4763",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4"
},
{
"url": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47"
},
{
"name": "FEDORA-2022-e304fffd34",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/"
},
{
"name": "FEDORA-2022-b605768c94",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "55f9c0e8-c221-48b6-a00e-bdcaebaba4a4",
"discovery": "EXTERNAL"
},
"title": "global heap buffer overflow in skip_range in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1381",
"datePublished": "2022-04-17T00:00:00",
"dateReserved": "2022-04-16T00:00:00",
"dateUpdated": "2024-08-03T00:03:05.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-48234
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq"
},
{
"name": "https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.2109"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T22:52:50.866Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq"
},
{
"name": "https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0004/"
}
],
"source": {
"advisory": "GHSA-59gw-c949-6phq",
"discovery": "UNKNOWN"
},
"title": "overflow in nv_z_get_count in vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48234",
"datePublished": "2023-11-16T22:52:50.866Z",
"dateReserved": "2023-11-13T13:25:18.481Z",
"dateUpdated": "2024-08-02T21:23:39.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3075
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "oval:org.mitre.oval:def:10246",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "32463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32463"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "oval:org.mitre.oval:def:10246",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "32463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32463"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "http://www.rdancer.org/vulnerablevim.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "oval:org.mitre.oval:def:10246",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=467432",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "32463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32463"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3075",
"datePublished": "2009-02-21T22:00:00",
"dateReserved": "2008-07-08T00:00:00",
"dateUpdated": "2024-08-07T09:21:35.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1160
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db"
},
{
"name": "FEDORA-2022-d776fcfe60",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"name": "FEDORA-2022-e62adccfca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4647",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c"
},
{
"url": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db"
},
{
"name": "FEDORA-2022-d776fcfe60",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"name": "FEDORA-2022-e62adccfca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "a6f3222d-2472-439d-8881-111138a5694c",
"discovery": "EXTERNAL"
},
"title": "heap buffer overflow in get_one_sourceline in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1160",
"datePublished": "2022-03-30T00:00:00",
"dateReserved": "2022-03-29T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2571
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0101",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T14:12:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614"
}
],
"source": {
"advisory": "2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2571",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.0.0101"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571"
},
{
"name": "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614"
}
]
},
"source": {
"advisory": "2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2571",
"datePublished": "2022-08-01T14:12:09",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T00:39:08.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4192
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Use After Free"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22"
},
{
"url": "https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "6dd9cb2e-a940-4093-856e-59b502429f22",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4192",
"datePublished": "2021-12-31T00:00:00",
"dateReserved": "2021-12-30T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-48231
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765"
},
{
"name": "https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.2106"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T22:59:37.681Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765"
},
{
"name": "https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0008/"
}
],
"source": {
"advisory": "GHSA-8g46-v9ff-c765",
"discovery": "UNKNOWN"
},
"title": "Use-After-Free in win_close() in vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48231",
"datePublished": "2023-11-16T22:59:37.681Z",
"dateReserved": "2023-11-13T13:25:18.481Z",
"dateUpdated": "2024-08-02T21:23:39.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3968
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/ | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2022/01/15/1 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"
},
{
"name": "FEDORA-2021-5cd9df120e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3610",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T05:09:19",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"
},
{
"name": "FEDORA-2021-5cd9df120e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "00d62924-a7b4-4a61-ba29-acab2eaa1528",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3968",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.3610"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528"
},
{
"name": "https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"
},
{
"name": "FEDORA-2021-5cd9df120e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "00d62924-a7b4-4a61-ba29-acab2eaa1528",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3968",
"datePublished": "2021-11-19T11:40:12",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41957
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-29T12:04:42.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/01/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241129-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T15:31:59.324596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:16.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.0647"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. Vim \u003c v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,\nbut it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:42.921Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4"
},
{
"name": "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a"
}
],
"source": {
"advisory": "GHSA-f9cr-gv85-hcr4",
"discovery": "UNKNOWN"
},
"title": "Vim double free in src/alloc.c:616"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41957",
"datePublished": "2024-08-01T21:41:42.921Z",
"dateReserved": "2024-07-24T16:51:40.950Z",
"dateUpdated": "2024-11-29T12:04:42.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4781
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1873",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T18:32:30.859Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883"
},
{
"url": "https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "c867eb0a-aa8b-4946-a621-510350673883",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4781",
"datePublished": "2023-09-05T18:32:30.859Z",
"dateReserved": "2023-09-05T18:32:20.319Z",
"dateUpdated": "2024-08-02T07:38:00.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3256
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:05.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0530",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0530."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3"
},
{
"url": "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "8336a3df-212a-4f8d-ae34-76ef1f936bb3",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3256",
"datePublished": "2022-09-22T00:00:00",
"dateReserved": "2022-09-21T00:00:00",
"dateUpdated": "2024-08-03T01:07:05.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2287
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284"
},
{
"url": "https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "654aa069-3a9d-45d3-9a52-c1cf3490c284",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2287",
"datePublished": "2022-07-02T00:00:00",
"dateReserved": "2022-07-01T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0413
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38"
},
{
"url": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "563d1e8f-5c3d-4669-941c-3216f4a87c38",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0413",
"datePublished": "2022-01-30T00:00:00",
"dateReserved": "2022-01-29T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0158
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/ | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2022/01/15/1 | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/ | vendor-advisory, x_refsource_FEDORA | |
| https://support.apple.com/kb/HT213183 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2022/Mar/29 | mailing-list, x_refsource_FULLDISC | |
| https://support.apple.com/kb/HT213344 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2022/Jul/13 | mailing-list, x_refsource_FULLDISC | |
| https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39"
},
{
"name": "FEDORA-2022-20e66c6698",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213344"
},
{
"name": "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/13"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T05:11:19",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39"
},
{
"name": "FEDORA-2022-20e66c6698",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213344"
},
{
"name": "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/13"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0158",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b"
},
{
"name": "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39"
},
{
"name": "FEDORA-2022-20e66c6698",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "https://support.apple.com/kb/HT213183",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"name": "https://support.apple.com/kb/HT213344",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213344"
},
{
"name": "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/13"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0158",
"datePublished": "2022-01-10T15:25:35",
"dateReserved": "2022-01-09T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3037
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb"
},
{
"name": "FEDORA-2022-221bd89404",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/"
},
{
"name": "FEDORA-2022-35d9bdb7dc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0322",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0322."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T03:06:28",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb"
},
{
"name": "FEDORA-2022-221bd89404",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/"
},
{
"name": "FEDORA-2022-35d9bdb7dc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
}
],
"source": {
"advisory": "af4c2f2d-d754-4607-b565-9e92f3f717b5",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3037",
"STATE": "PUBLIC",
"TITLE": "Use After Free in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.0.0322"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0322."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5"
},
{
"name": "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb"
},
{
"name": "FEDORA-2022-221bd89404",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/"
},
{
"name": "FEDORA-2022-35d9bdb7dc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/"
},
{
"name": "FEDORA-2022-b9edf60581",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
}
]
},
"source": {
"advisory": "af4c2f2d-d754-4607-b565-9e92f3f717b5",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3037",
"datePublished": "2022-08-30T20:35:10",
"dateReserved": "2022-08-29T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4069
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9"
},
{
"name": "FEDORA-2021-541ddd1f94",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Use After Free"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74"
},
{
"url": "https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9"
},
{
"name": "FEDORA-2021-541ddd1f94",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "0efd6d23-2259-4081-9ff1-3ade26907d74",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4069",
"datePublished": "2021-12-06T00:00:00",
"dateReserved": "2021-12-05T00:00:00",
"dateUpdated": "2024-08-03T17:16:03.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20807
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/releases/tag/v8.1.0881 | x_refsource_MISC | |
| https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html | vendor-advisory, x_refsource_SUSE | |
| https://support.apple.com/kb/HT211289 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2020/Jul/24 | mailing-list, x_refsource_FULLDISC | |
| https://usn.ubuntu.com/4582-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html | mailing-list, x_refsource_MLIST | |
| https://www.starwindsoftware.com/security/sw-20220812-0003/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:53:09.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/releases/tag/v8.1.0881"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075"
},
{
"name": "openSUSE-SU-2020:0794",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "USN-4582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4582-1/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20220812-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T11:39:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v8.1.0881"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075"
},
{
"name": "openSUSE-SU-2020:0794",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "USN-4582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4582-1/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.starwindsoftware.com/security/sw-20220812-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vim/vim/releases/tag/v8.1.0881",
"refsource": "MISC",
"url": "https://github.com/vim/vim/releases/tag/v8.1.0881"
},
{
"name": "https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075"
},
{
"name": "openSUSE-SU-2020:0794",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html"
},
{
"name": "https://support.apple.com/kb/HT211289",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "USN-4582-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4582-1/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"name": "https://www.starwindsoftware.com/security/sw-20220812-0003/",
"refsource": "MISC",
"url": "https://www.starwindsoftware.com/security/sw-20220812-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20807",
"datePublished": "2020-05-28T13:05:50",
"dateReserved": "2020-05-28T00:00:00",
"dateUpdated": "2024-08-05T02:53:09.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1629
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4925",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee"
},
{
"url": "https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "e26d08d4-1886-41f0-9af4-f3e1bf3d52ee",
"discovery": "EXTERNAL"
},
"title": "Buffer Over-read in function find_next_quote in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1629",
"datePublished": "2022-05-10T00:00:00",
"dateReserved": "2022-05-09T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4292
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230113-0005/"
},
{
"name": "FEDORA-2023-340f1d6ab9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0882",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0882."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b"
},
{
"url": "https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230113-0005/"
},
{
"name": "FEDORA-2023-340f1d6ab9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "da3d4c47-e57a-451e-993d-9df0ed31f57b",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4292",
"datePublished": "2022-12-05T00:00:00",
"dateReserved": "2022-12-05T00:00:00",
"dateUpdated": "2024-08-03T01:34:50.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3352
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0614",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0614."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60"
},
{
"url": "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "d058f182-a49b-40c7-9234-43d4c5a29f60",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3352",
"datePublished": "2022-09-29T00:00:00",
"dateReserved": "2022-09-28T00:00:00",
"dateUpdated": "2024-08-03T01:07:06.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2289
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64"
},
{
"url": "https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "7447d2ea-db5b-4883-adf4-1eaf7deace64",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2289",
"datePublished": "2022-07-03T00:00:00",
"dateReserved": "2022-07-02T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2264
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c"
},
{
"url": "https://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "2241c773-02c9-4708-b63e-54aef99afa6c",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2264",
"datePublished": "2022-07-01T00:00:00",
"dateReserved": "2022-06-30T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0288
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:44.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a"
},
{
"name": "FEDORA-2023-340f1d6ab9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1189",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3"
},
{
"url": "https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a"
},
{
"name": "FEDORA-2023-340f1d6ab9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/"
},
{
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
}
],
"source": {
"advisory": "550a0852-9be0-4abe-906c-f803b34e41d3",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0288",
"datePublished": "2023-01-13T00:00:00",
"dateReserved": "2023-01-13T00:00:00",
"dateUpdated": "2024-08-02T05:02:44.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0443
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51"
},
{
"url": "https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "b987c8cb-bbbe-4601-8a6c-54ff907c6b51",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0443",
"datePublished": "2022-02-02T00:00:00",
"dateReserved": "2022-02-01T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1175
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba"
},
{
"name": "FEDORA-2023-43cb13aefb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/"
},
{
"name": "FEDORA-2023-d4ebe53978",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
},
{
"name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1378",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e"
},
{
"url": "https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba"
},
{
"name": "FEDORA-2023-43cb13aefb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/"
},
{
"name": "FEDORA-2023-d4ebe53978",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
},
{
"name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html"
}
],
"source": {
"advisory": "7e93fc17-92eb-4ae7-b01a-93bb460b643e",
"discovery": "EXTERNAL"
},
"title": "Incorrect Calculation of Buffer Size in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1175",
"datePublished": "2023-03-04T00:00:00",
"dateReserved": "2023-03-04T00:00:00",
"dateUpdated": "2024-08-02T05:40:58.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3432
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "32858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33410"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "ADV-2009-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "oval:org.mitre.oval:def:11203",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203"
},
{
"name": "oval:org.mitre.oval:def:5987",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "vim-mchexpandwildcards-bo(44722)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722"
},
{
"name": "30648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30648"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "RHSA-2008:0617",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "32858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33410"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "ADV-2009-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "oval:org.mitre.oval:def:11203",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203"
},
{
"name": "oval:org.mitre.oval:def:5987",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "vim-mchexpandwildcards-bo(44722)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722"
},
{
"name": "30648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30648"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "RHSA-2008:0617",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3432",
"datePublished": "2008-10-10T10:00:00",
"dateReserved": "2008-07-31T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2288
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad"
},
{
"url": "https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Write in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2288",
"datePublished": "2022-07-03T00:00:00",
"dateReserved": "2022-07-02T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-48233
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj"
},
{
"name": "https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.2108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T22:55:31.353Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj"
},
{
"name": "https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0003/"
}
],
"source": {
"advisory": "GHSA-3xx4-hcq6-r2vj",
"discovery": "UNKNOWN"
},
"title": "overflow with count for :s command in vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48233",
"datePublished": "2023-11-16T22:55:31.353Z",
"dateReserved": "2023-11-13T13:25:18.481Z",
"dateUpdated": "2024-08-02T21:23:39.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2344
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0045",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996"
},
{
"url": "https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "4a095ed9-3125-464a-b656-c31b437e1996",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2344",
"datePublished": "2022-07-08T00:00:00",
"dateReserved": "2022-07-07T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2816
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666"
},
{
"name": "FEDORA-2022-6f5e420e52",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0212",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58"
},
{
"url": "https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666"
},
{
"name": "FEDORA-2022-6f5e420e52",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "e2a83037-fcf9-4218-b2b9-b7507dacde58",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2816",
"datePublished": "2022-08-15T00:00:00",
"dateReserved": "2022-08-14T00:00:00",
"dateUpdated": "2024-08-03T00:52:58.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2598
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0100",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOut-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write to API",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T07:06:21.160Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e"
},
{
"url": "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "2f08363a-47a2-422d-a7de-ce96a89ad08e",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Write to API in vim/vim",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2598",
"datePublished": "2022-08-01T00:00:00",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T00:46:03.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1968
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b"
},
{
"url": "https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "949090e5-f4ea-4edf-bd79-cd98f0498a5b",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1968",
"datePublished": "2022-06-02T00:00:00",
"dateReserved": "2022-06-01T00:00:00",
"dateUpdated": "2024-08-03T00:24:43.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0417
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a"
},
{
"url": "https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "fc86bc8d-c866-4ade-8b7f-e49cec306d1a",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0417",
"datePublished": "2022-02-01T00:00:00",
"dateReserved": "2022-01-30T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3591
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0789",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0789."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921"
},
{
"url": "https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "a5a998c2-4b07-47a7-91be-dbc1886b3921",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3591",
"datePublished": "2022-12-02T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-08-03T01:14:02.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4734
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1846",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-02T17:42:18.019Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217"
},
{
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "688e4382-d2b6-439a-a54e-484780f82217",
"discovery": "EXTERNAL"
},
"title": "Integer Overflow or Wraparound in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4734",
"datePublished": "2023-09-02T17:42:18.019Z",
"dateReserved": "2023-09-02T17:42:08.125Z",
"dateUpdated": "2024-08-02T07:38:00.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4136
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3846",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T07:07:32",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "5c6b93c1-2d27-4e98-a931-147877b8c938",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4136",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.3846"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938"
},
{
"name": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "https://support.apple.com/kb/HT213183",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"name": "https://support.apple.com/kb/HT213256",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "https://support.apple.com/kb/HT213343",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "5c6b93c1-2d27-4e98-a931-147877b8c938",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4136",
"datePublished": "2021-12-19T17:00:10",
"dateReserved": "2021-12-18T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0368
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
},
{
"url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "bca9ce1f-400a-4bf9-9207-3f3187cb3fa9",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0368",
"datePublished": "2022-01-26T00:00:00",
"dateReserved": "2022-01-25T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3491
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0742",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb"
},
{
"url": "https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "6e6e05c2-2cf7-4aa5-a817-a62007bf92cb",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3491",
"datePublished": "2022-12-03T00:00:00",
"dateReserved": "2022-10-13T00:00:00",
"dateUpdated": "2024-08-03T01:14:01.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4166
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Out-of-bounds Read"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T06:14:34",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "229df5dd-5507-44e9-832c-c70364bdf035",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4166",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Out-of-bounds Read"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035"
},
{
"name": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "https://support.apple.com/kb/HT213183",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"name": "https://support.apple.com/kb/HT213256",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "https://support.apple.com/kb/HT213343",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "229df5dd-5507-44e9-832c-c70364bdf035",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4166",
"datePublished": "2021-12-25T18:15:09",
"dateReserved": "2021-12-24T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0392
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126"
},
{
"url": "https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
}
],
"source": {
"advisory": "d00a2acd-1935-4195-9d5b-4115ef6b3126",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0392",
"datePublished": "2022-01-28T00:00:00",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2982
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0260",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0260."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be"
},
{
"url": "https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "53f53d9a-ba8a-4985-b7ba-23efbe6833be",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2982",
"datePublished": "2022-08-25T00:00:00",
"dateReserved": "2022-08-24T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4735
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1847",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-02T17:46:39.657Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51"
},
{
"url": "https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "fc83bde3-f621-42bd-aecb-8c1ae44cba51",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Write in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4735",
"datePublished": "2023-09-02T17:46:39.657Z",
"dateReserved": "2023-09-02T17:46:33.136Z",
"dateUpdated": "2024-08-02T07:37:59.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2231
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5"
},
{
"url": "https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "8dae6ab4-7a7a-4716-a65c-9b090fa057b5",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2231",
"datePublished": "2022-06-28T00:00:00",
"dateReserved": "2022-06-27T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1769
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4"
},
{
"name": "FEDORA-2022-d6d1ac4ca7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/"
},
{
"name": "FEDORA-2022-74b9e404c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/"
},
{
"name": "FEDORA-2022-d044e7e0b4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4974",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c"
},
{
"url": "https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4"
},
{
"name": "FEDORA-2022-d6d1ac4ca7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/"
},
{
"name": "FEDORA-2022-74b9e404c1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/"
},
{
"name": "FEDORA-2022-d044e7e0b4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "522076b2-96cb-4df6-a504-e6e2f64c171c",
"discovery": "EXTERNAL"
},
"title": "Buffer Over-read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1769",
"datePublished": "2022-05-17T00:00:00",
"dateReserved": "2022-05-17T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2000
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5"
},
{
"name": "FEDORA-2022-c302c5f62d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213443"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0"
},
{
"url": "https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5"
},
{
"name": "FEDORA-2022-c302c5f62d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213443"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "f61a64e2-d163-461b-a77e-46ab38e021f0",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Write in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2000",
"datePublished": "2022-06-07T00:00:00",
"dateReserved": "2022-06-06T00:00:00",
"dateUpdated": "2024-08-03T00:24:43.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3234
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0483",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da"
},
{
"url": "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "90fdf374-bf04-4386-8a23-38c83b88f0da",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3234",
"datePublished": "2022-09-17T00:00:00",
"dateReserved": "2022-09-16T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-43790
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T16:42:30.460971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T16:42:39.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-20T16:03:12.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240920-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c v9.1.0689"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T21:23:07.797Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm"
},
{
"name": "https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc"
}
],
"source": {
"advisory": "GHSA-v2x2-cjcg-f9jm",
"discovery": "UNKNOWN"
},
"title": "heap-buffer-overflow in do_search() in Vim \u003c 9.1.0689"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43790",
"datePublished": "2024-08-22T21:23:07.797Z",
"dateReserved": "2024-08-16T14:20:37.323Z",
"dateUpdated": "2024-09-20T16:03:12.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0261
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:39.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82"
},
{
"url": "https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "fa795954-8775-4f23-98c6-d4d4d3fe8a82",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0261",
"datePublished": "2022-01-18T00:00:00",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:25:39.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2817
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20"
},
{
"name": "FEDORA-2022-6f5e420e52",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0213",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0213."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f"
},
{
"url": "https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20"
},
{
"name": "FEDORA-2022-6f5e420e52",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "a7b7d242-3d88-4bde-a681-6c986aff886f",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2817",
"datePublished": "2022-08-15T00:00:00",
"dateReserved": "2022-08-14T00:00:00",
"dateUpdated": "2024-08-03T00:52:58.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2284
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874"
},
{
"url": "https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "571d25ce-8d53-4fa0-b620-27f2a8a14874",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2284",
"datePublished": "2022-07-02T00:00:00",
"dateReserved": "2022-07-01T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2980
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0259",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea"
},
{
"url": "https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "6e7b12a5-242c-453d-b39e-9625d563b0ea",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2980",
"datePublished": "2022-08-25T00:00:00",
"dateReserved": "2022-08-24T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4752
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1858",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.1858."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T13:46:57.231Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757"
},
{
"url": "https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "85f62dd7-ed84-4fa2-b265-8a369a318757",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4752",
"datePublished": "2023-09-04T13:46:57.231Z",
"dateReserved": "2023-09-03T19:27:38.107Z",
"dateUpdated": "2024-08-02T07:38:00.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1942
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:42.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071"
},
{
"url": "https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "67ca4d3b-9175-43c1-925c-72a7091bc071",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1942",
"datePublished": "2022-05-31T00:00:00",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-08-03T00:24:42.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3896
Vulnerability from cvelistv5
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | OpenCloudOS | OpenCloudOS Stream |
Version: 9.0.1367-1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/issues/12528"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/pull/12540"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0012/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vim",
"vendor": "vim",
"versions": [
{
"lessThanOrEqual": "9.0.1367-3",
"status": "affected",
"version": "9.0.1367-1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T19:45:06.954260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T19:59:18.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "VIM",
"platforms": [
"Linux",
"x86",
"64 bit",
"32 bit"
],
"product": "OpenCloudOS Stream",
"repo": "https://gitee.com/opencloudos-stream/vim",
"vendor": "OpenCloudOS",
"versions": [
{
"lessThanOrEqual": "9.0.1367-3",
"status": "affected",
"version": "9.0.1367-1",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "fullwaywang (Tencent Yunding Lab)"
}
],
"datePublic": "2023-08-07T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDivide By Zero in vim/vim from\u0026nbsp;9.0.1367-1 to\u0026nbsp;9.0.1367-3\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Divide By Zero in vim/vim from\u00a09.0.1367-1 to\u00a09.0.1367-3\n"
}
],
"impacts": [
{
"capecId": "CAPEC-103",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-103 Clickjacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T12:13:37.229Z",
"orgId": "03686db1-8513-43c4-b487-c6ad847afd3a",
"shortName": "OpenCloudOS"
},
"references": [
{
"url": "https://github.com/vim/vim/issues/12528"
},
{
"url": "https://github.com/vim/vim/pull/12540"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0012/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A divide by zero issue existed in vim of OpenCloudOS Stream",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "03686db1-8513-43c4-b487-c6ad847afd3a",
"assignerShortName": "OpenCloudOS",
"cveId": "CVE-2023-3896",
"datePublished": "2023-08-07T12:13:37.229Z",
"dateReserved": "2023-07-25T03:11:49.115Z",
"dateUpdated": "2024-10-10T19:59:18.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1420
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca"
},
{
"name": "FEDORA-2022-e304fffd34",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/"
},
{
"name": "FEDORA-2022-b605768c94",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4774",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823 Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326"
},
{
"url": "https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca"
},
{
"name": "FEDORA-2022-e304fffd34",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/"
},
{
"name": "FEDORA-2022-b605768c94",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "a4323ef8-90ea-4e1c-90e9-c778f0ecf326",
"discovery": "EXTERNAL"
},
"title": "Use of Out-of-range Pointer Offset in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1420",
"datePublished": "2022-04-21T00:00:00",
"dateReserved": "2022-04-21T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6349
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201706-26 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037949 | vdb-entry, x_refsource_SECTRACK | |
| https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c | x_refsource_MISC | |
| http://www.securityfocus.com/bid/96451 | vdb-entry, x_refsource_BID | |
| https://groups.google.com/forum/#%21topic/vim_dev/LAgsTcdSfNA | x_refsource_MISC | |
| https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y | x_refsource_MISC | |
| https://usn.ubuntu.com/4309-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201706-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-26"
},
{
"name": "1037949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037949"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c"
},
{
"name": "96451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96451"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/LAgsTcdSfNA"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201706-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-26"
},
{
"name": "1037949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037949"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c"
},
{
"name": "96451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96451"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/LAgsTcdSfNA"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201706-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-26"
},
{
"name": "1037949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037949"
},
{
"name": "https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c"
},
{
"name": "96451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96451"
},
{
"name": "https://groups.google.com/forum/#!topic/vim_dev/LAgsTcdSfNA",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/vim_dev/LAgsTcdSfNA"
},
{
"name": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y"
},
{
"name": "USN-4309-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6349",
"datePublished": "2017-02-27T07:25:00",
"dateReserved": "2017-02-26T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4101
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "[vim-dev] 20080903 Patch 7.2.010",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://ftp.vim.org/pub/vim/patches/7.2/7.2.010"
},
{
"name": "RHSA-2008:0618",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
},
{
"name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/5"
},
{
"name": "31592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31592"
},
{
"name": "20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495703"
},
{
"name": "USN-712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-712-1"
},
{
"name": "[oss-security] 20080911 Re: [oss-list] CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/11/4"
},
{
"name": "oval:org.mitre.oval:def:10894",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/6"
},
{
"name": "32858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33410"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "vim-normal-command-execution(44626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44626"
},
{
"name": "ADV-2009-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "30795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30795"
},
{
"name": "oval:org.mitre.oval:def:5812",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2"
},
{
"name": "[oss-security] 20080911 [oss-list] CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/11/3"
},
{
"name": "20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495662"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "32864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32864"
},
{
"name": "[vim_dev] 20080824 Bug with v_K and potentially K command",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim-K.html"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e"
},
{
"name": "RHSA-2008:0617",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "[vim-dev] 20080903 Patch 7.2.010",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://ftp.vim.org/pub/vim/patches/7.2/7.2.010"
},
{
"name": "RHSA-2008:0618",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
},
{
"name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/5"
},
{
"name": "31592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31592"
},
{
"name": "20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495703"
},
{
"name": "USN-712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-712-1"
},
{
"name": "[oss-security] 20080911 Re: [oss-list] CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/11/4"
},
{
"name": "oval:org.mitre.oval:def:10894",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/6"
},
{
"name": "32858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33410"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "vim-normal-command-execution(44626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44626"
},
{
"name": "ADV-2009-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "30795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30795"
},
{
"name": "oval:org.mitre.oval:def:5812",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2"
},
{
"name": "[oss-security] 20080911 [oss-list] CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/11/3"
},
{
"name": "20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495662"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "32864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32864"
},
{
"name": "[vim_dev] 20080824 Bug with v_K and potentially K command",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim-K.html"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e"
},
{
"name": "RHSA-2008:0617",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "[vim-dev] 20080903 Patch 7.2.010",
"refsource": "MLIST",
"url": "http://ftp.vim.org/pub/vim/patches/7.2/7.2.010"
},
{
"name": "RHSA-2008:0618",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
},
{
"name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/5"
},
{
"name": "31592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31592"
},
{
"name": "20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495703"
},
{
"name": "USN-712-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-712-1"
},
{
"name": "[oss-security] 20080911 Re: [oss-list] CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/11/4"
},
{
"name": "oval:org.mitre.oval:def:10894",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/6"
},
{
"name": "32858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33410"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "vim-normal-command-execution(44626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44626"
},
{
"name": "ADV-2009-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2",
"refsource": "MISC",
"url": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=461927",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "30795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30795"
},
{
"name": "oval:org.mitre.oval:def:5812",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812"
},
{
"name": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2",
"refsource": "MISC",
"url": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2"
},
{
"name": "[oss-security] 20080911 [oss-list] CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/11/3"
},
{
"name": "20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495662"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "32864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32864"
},
{
"name": "[vim_dev] 20080824 Bug with v_K and potentially K command",
"refsource": "MLIST",
"url": "http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33"
},
{
"name": "http://www.rdancer.org/vulnerablevim-K.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-K.html"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e",
"refsource": "MISC",
"url": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e"
},
{
"name": "RHSA-2008:0617",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4101",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4193
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3901",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Out-of-bounds Read"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0"
},
{
"url": "https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "92c1940d-8154-473f-84ce-0de43b0c2eb0",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4193",
"datePublished": "2021-12-31T00:00:00",
"dateReserved": "2021-12-30T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1735
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:58.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4969",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9"
},
{
"url": "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "c9f85608-ff11-48e4-933d-53d1759d44d9",
"discovery": "EXTERNAL"
},
"title": " Classic Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1735",
"datePublished": "2022-05-17T00:00:00",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T00:16:58.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1897
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a"
},
{
"name": "FEDORA-2022-5ce148636b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/"
},
{
"name": "FEDORA-2022-d94440bf0e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118"
},
{
"url": "https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a"
},
{
"name": "FEDORA-2022-5ce148636b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/"
},
{
"name": "FEDORA-2022-d94440bf0e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "82c12151-c283-40cf-aa05-2e39efa89118",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Write in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1897",
"datePublished": "2022-05-27T00:00:00",
"dateReserved": "2022-05-26T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2042
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213443"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba"
},
{
"url": "https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213443"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "8628b4cd-4055-4059-aed4-64f7fdc10eba",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2042",
"datePublished": "2022-06-10T00:00:00",
"dateReserved": "2022-06-09T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4733
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1840",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.1840."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T13:47:09.888Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217"
},
{
"url": "https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "1ce1fd8c-050a-4373-8004-b35b61590217",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4733",
"datePublished": "2023-09-04T13:47:09.888Z",
"dateReserved": "2023-09-02T17:04:04.506Z",
"dateUpdated": "2024-08-02T07:37:59.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0714
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "FEDORA-2022-63ca9a1129",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4436",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3"
},
{
"url": "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "FEDORA-2022-63ca9a1129",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "db70e8db-f309-4f3c-986c-e69d2415c3b3",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0714",
"datePublished": "2022-02-22T00:00:00",
"dateReserved": "2022-02-21T00:00:00",
"dateUpdated": "2024-08-02T23:40:03.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5535
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5535",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:46:02.413050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:49:24.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "v9.0.2010",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to v9.0.2010."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T19:12:21.957Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f"
},
{
"url": "https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/"
}
],
"source": {
"advisory": "2c2d85a7-1171-4014-bf7f-a2451745861f",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5535",
"datePublished": "2023-10-11T19:12:21.957Z",
"dateReserved": "2023-10-11T19:12:10.998Z",
"dateUpdated": "2024-09-17T13:49:24.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2183
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975"
},
{
"url": "https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "d74ca3f9-380d-4c0a-b61c-11113cc98975",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2183",
"datePublished": "2022-06-23T00:00:00",
"dateReserved": "2022-06-22T00:00:00",
"dateUpdated": "2024-08-03T00:32:08.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3278
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:05.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0552",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612"
},
{
"url": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "a9fad77e-f245-4ce9-ba15-c7d4c86c4612",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3278",
"datePublished": "2022-09-23T00:00:00",
"dateReserved": "2022-09-22T00:00:00",
"dateUpdated": "2024-08-03T01:07:05.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1620
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f"
},
{
"name": "FEDORA-2022-e92c3ce170",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/"
},
{
"name": "FEDORA-2022-f0db3943d9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4901",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51"
},
{
"url": "https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f"
},
{
"name": "FEDORA-2022-e92c3ce170",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/"
},
{
"name": "FEDORA-2022-f0db3943d9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "7a4c59f3-fcc0-4496-995d-5ca6acd2da51",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1620",
"datePublished": "2022-05-08T00:00:00",
"dateReserved": "2022-05-07T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3796
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3"
},
{
"name": "[oss-security] 20210930 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/01/1"
},
{
"name": "FEDORA-2021-968f57ec98",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/"
},
{
"name": "FEDORA-2021-84f4cf3244",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThanOrEqual": "8.2.3428",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Use After Free"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d"
},
{
"url": "https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3"
},
{
"name": "[oss-security] 20210930 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/01/1"
},
{
"name": "FEDORA-2021-968f57ec98",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/"
},
{
"name": "FEDORA-2021-84f4cf3244",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0004/"
}
],
"source": {
"advisory": "ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3796",
"datePublished": "2021-09-15T00:00:00",
"dateReserved": "2021-09-11T00:00:00",
"dateUpdated": "2024-08-03T17:09:08.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-48232
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw"
},
{
"name": "https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.2107"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the \u0027n\u0027 flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the \u0027cpo\u0027 setting includes the \u0027n\u0027 flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T22:57:17.462Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw"
},
{
"name": "https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0006/"
}
],
"source": {
"advisory": "GHSA-f6cx-x634-hqpw",
"discovery": "UNKNOWN"
},
"title": "Floating point Exception in adjust_plines_for_skipcol() in vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48232",
"datePublished": "2023-11-16T22:57:17.462Z",
"dateReserved": "2023-11-13T13:25:18.481Z",
"dateUpdated": "2024-08-02T21:23:39.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6235
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html | vendor-advisory, x_refsource_SUSE | |
| http://www.rdancer.org/vulnerablevim-netrw.v5.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2008/10/20/2 | mailing-list, x_refsource_MLIST | |
| http://www.rdancer.org/vulnerablevim-netrw.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2008/10/16/2 | mailing-list, x_refsource_MLIST | |
| http://www.redhat.com/support/errata/RHSA-2008-0580.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/34418 | third-party-advisory, x_refsource_SECUNIA | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.rdancer.org/vulnerablevim-netrw.v2.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.v5.html"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.html"
},
{
"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/16/2"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "oval:org.mitre.oval:def:11247",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.v5.html"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.html"
},
{
"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/16/2"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "oval:org.mitre.oval:def:11247",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "http://www.rdancer.org/vulnerablevim-netrw.v5.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-netrw.v5.html"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "http://www.rdancer.org/vulnerablevim-netrw.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-netrw.html"
},
{
"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/16/2"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "oval:org.mitre.oval:def:11247",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247"
},
{
"name": "http://www.rdancer.org/vulnerablevim-netrw.v2.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6235",
"datePublished": "2009-02-21T23:00:00",
"dateReserved": "2009-02-21T00:00:00",
"dateUpdated": "2024-08-07T11:20:25.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3296
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0577",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077"
},
{
"url": "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "958866b8-526a-4979-9471-39392e0c9077",
"discovery": "EXTERNAL"
},
"title": "Stack-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3296",
"datePublished": "2022-09-25T00:00:00",
"dateReserved": "2022-09-24T00:00:00",
"dateUpdated": "2024-08-03T01:07:06.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0213
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed"
},
{
"url": "https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "f3afe1a5-e6f8-4579-b68a-6e5c7e39afed",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0213",
"datePublished": "2022-01-14T00:00:00",
"dateReserved": "2022-01-13T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-43374
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-20T16:03:11.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/15/6"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240920-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T16:10:21.274712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T16:10:33.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.0678"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T23:47:38.255Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw"
},
{
"name": "https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8"
}
],
"source": {
"advisory": "GHSA-2w8m-443v-cgvw",
"discovery": "UNKNOWN"
},
"title": "Vim heap-use-after-free in src/arglist.c:207"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43374",
"datePublished": "2024-08-15T23:47:38.255Z",
"dateReserved": "2024-08-09T14:23:55.514Z",
"dateUpdated": "2024-09-20T16:03:11.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2946
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0246",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0246."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5"
},
{
"url": "https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "5d389a18-5026-47df-a5d0-1548a9b555d5",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2946",
"datePublished": "2022-08-23T00:00:00",
"dateReserved": "2022-08-22T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0361
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b"
},
{
"url": "https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "a055618c-0311-409c-a78a-99477121965b",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0361",
"datePublished": "2022-01-26T00:00:00",
"dateReserved": "2022-01-25T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1796
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4979",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 8.2.4979."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e"
},
{
"url": "https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "f6739b58-49f9-4056-a843-bf76bbc1253e",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1796",
"datePublished": "2022-05-19T00:00:00",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3324
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0598",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c"
},
{
"url": "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "e414e55b-f332-491f-863b-c18dca97403c",
"discovery": "EXTERNAL"
},
"title": "Stack-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3324",
"datePublished": "2022-09-27T00:00:00",
"dateReserved": "2022-09-26T00:00:00",
"dateUpdated": "2024-08-03T01:07:06.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47814
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:12:43.174675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:12:51.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c v9.1.0764"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. A use-after-free was found in Vim \u003c 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T21:16:01.796Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg"
},
{
"name": "https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3"
}
],
"source": {
"advisory": "GHSA-rj48-v4mq-j4vg",
"discovery": "UNKNOWN"
},
"title": "use-after-free when closing buffers in Vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47814",
"datePublished": "2024-10-07T21:16:01.796Z",
"dateReserved": "2024-10-03T14:06:12.637Z",
"dateUpdated": "2024-10-08T14:12:51.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2129
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352"
},
{
"url": "https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "3aaf06e7-9ae1-454d-b8ca-8709c98e5352",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Write in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2129",
"datePublished": "2022-06-19T00:00:00",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4736
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1833",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-02T18:02:05.557Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71"
},
{
"url": "https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "e1ce0995-4df4-4dec-9cd7-3136ac3e8e71",
"discovery": "EXTERNAL"
},
"title": "Untrusted Search Path in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4736",
"datePublished": "2023-09-02T18:02:05.557Z",
"dateReserved": "2023-09-02T18:01:52.802Z",
"dateUpdated": "2024-08-02T07:37:59.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2210
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25"
},
{
"url": "https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "020845f8-f047-4072-af0f-3726fe1aea25",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Write in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2210",
"datePublished": "2022-06-27T00:00:00",
"dateReserved": "2022-06-26T00:00:00",
"dateUpdated": "2024-08-03T00:32:08.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4738
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1848",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-02T19:39:14.290Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612"
},
{
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "9fc7dced-a7bb-4479-9718-f956df20f612",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4738",
"datePublished": "2023-09-02T19:39:14.290Z",
"dateReserved": "2023-09-02T19:39:04.775Z",
"dateUpdated": "2024-08-02T07:37:59.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0319
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b"
},
{
"url": "https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "ba622fd2-e6ef-4ad9-95b4-17f87b68755b",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0319",
"datePublished": "2022-01-21T00:00:00",
"dateReserved": "2022-01-20T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3016
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0286",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0286."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371"
},
{
"url": "https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "260516c2-5c4a-4b7f-a01c-04b1aeeea371",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3016",
"datePublished": "2022-08-28T00:00:00",
"dateReserved": "2022-08-27T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20079
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 | x_refsource_MISC | |
| https://packetstormsecurity.com/files/154898 | x_refsource_MISC | |
| https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136 | x_refsource_MISC | |
| https://usn.ubuntu.com/4309-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/154898"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/154898"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421"
},
{
"name": "https://packetstormsecurity.com/files/154898",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/154898"
},
{
"name": "https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136",
"refsource": "MISC",
"url": "https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136"
},
{
"name": "USN-4309-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20079",
"datePublished": "2019-12-30T00:04:13",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1674
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060"
},
{
"name": "FEDORA-2022-d20b51de9c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODXVYZC5Z4XRRZK7CK6B6IURYVYHA25U/"
},
{
"name": "FEDORA-2022-74b9e404c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/"
},
{
"name": "FEDORA-2022-d044e7e0b4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4938",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385"
},
{
"url": "https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060"
},
{
"name": "FEDORA-2022-d20b51de9c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODXVYZC5Z4XRRZK7CK6B6IURYVYHA25U/"
},
{
"name": "FEDORA-2022-74b9e404c1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/"
},
{
"name": "FEDORA-2022-d044e7e0b4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "a74ba4a4-7a39-4a22-bde3-d2f8ee07b385",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1674",
"datePublished": "2022-05-12T00:00:00",
"dateReserved": "2022-05-11T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1851
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad"
},
{
"name": "FEDORA-2022-5ce148636b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/"
},
{
"name": "FEDORA-2022-d94440bf0e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d"
},
{
"url": "https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad"
},
{
"name": "FEDORA-2022-5ce148636b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/"
},
{
"name": "FEDORA-2022-d94440bf0e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "f8af901a-9a46-440d-942a-8f815b59394d",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1851",
"datePublished": "2022-05-25T00:00:00",
"dateReserved": "2022-05-24T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1886
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a"
},
{
"url": "https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "fa0ad526-b608-45b3-9ebc-f2b607834d6a",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1886",
"datePublished": "2022-05-26T00:00:00",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3235
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0490",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0490."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af"
},
{
"url": "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "96d5f7a0-a834-4571-b73b-0fe523b941af",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3235",
"datePublished": "2022-09-18T00:00:00",
"dateReserved": "2022-09-17T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20703
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/issues/5041"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-20703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T18:01:25.793557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T18:01:46.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/vim/vim/issues/5041"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20703",
"datePublished": "2023-06-20T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-12-10T18:01:46.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11109
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1468492 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4309-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468492"
},
{
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468492"
},
{
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1468492",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468492"
},
{
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"name": "USN-4309-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11109",
"datePublished": "2017-07-08T17:00:00",
"dateReserved": "2017-07-08T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1927
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010"
},
{
"name": "FEDORA-2022-5ce148636b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/"
},
{
"name": "FEDORA-2022-d94440bf0e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Over-read in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777"
},
{
"url": "https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010"
},
{
"name": "FEDORA-2022-5ce148636b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/"
},
{
"name": "FEDORA-2022-d94440bf0e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "945107ef-0b27-41c7-a03c-db99def0e777",
"discovery": "EXTERNAL"
},
"title": "Buffer Over-read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1927",
"datePublished": "2022-05-29T00:00:00",
"dateReserved": "2022-05-28T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2124
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213443"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Over-read in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42"
},
{
"url": "https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213443"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "8e9e056d-f733-4540-98b6-414bf36e0b42",
"discovery": "EXTERNAL"
},
"title": "Buffer Over-read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2124",
"datePublished": "2022-06-19T00:00:00",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2343
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0044",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5"
},
{
"url": "https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "2ecb4345-2fc7-4e7f-adb0-83a20bb458f5",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2343",
"datePublished": "2022-07-08T00:00:00",
"dateReserved": "2022-07-07T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2426
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b"
},
{
"name": "FEDORA-2023-d6baa1d93e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/"
},
{
"name": "FEDORA-2023-99d2eaac80",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213844"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213845"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2426",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T19:41:38.134588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T16:28:36.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1499",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823 Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-23T07:06:19.413263",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425"
},
{
"url": "https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b"
},
{
"name": "FEDORA-2023-d6baa1d93e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/"
},
{
"name": "FEDORA-2023-99d2eaac80",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/"
},
{
"url": "https://support.apple.com/kb/HT213844"
},
{
"url": "https://support.apple.com/kb/HT213845"
}
],
"source": {
"advisory": "3451be4c-91c8-4d08-926b-cbff7396f425",
"discovery": "EXTERNAL"
},
"title": "Use of Out-of-range Pointer Offset in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2023-2426",
"datePublished": "2023-04-29T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-10-15T16:28:36.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4187
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Use After Free"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T05:06:36",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "a8bee03a-6e2e-43bf-bee3-4968c5386a2e",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4187",
"STATE": "PUBLIC",
"TITLE": "Use After Free in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Use After Free"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e"
},
{
"name": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "https://support.apple.com/kb/HT213183",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"name": "https://support.apple.com/kb/HT213256",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "https://support.apple.com/kb/HT213343",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "a8bee03a-6e2e-43bf-bee3-4968c5386a2e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4187",
"datePublished": "2021-12-29T17:10:09",
"dateReserved": "2021-12-28T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1621
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4919",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb"
},
{
"url": "https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "520ce714-bfd2-4646-9458-f52cd22bb2fb",
"discovery": "EXTERNAL"
},
"title": "Heap buffer overflow in vim_strncpy find_word in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1621",
"datePublished": "2022-05-09T00:00:00",
"dateReserved": "2022-05-08T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0696
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4428",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f"
},
{
"url": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
}
],
"source": {
"advisory": "7416c2cb-1809-4834-8989-e84ff033f15f",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0696",
"datePublished": "2022-02-21T00:00:00",
"dateReserved": "2022-02-20T00:00:00",
"dateUpdated": "2024-08-02T23:40:03.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0054
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1145",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d"
},
{
"url": "https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731"
},
{
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html"
}
],
"source": {
"advisory": "b289ee0f-fd16-4147-bd01-c6289c45e49d",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Write in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0054",
"datePublished": "2023-01-04T00:00:00",
"dateReserved": "2023-01-04T00:00:00",
"dateUpdated": "2024-08-02T04:54:32.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4173
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Use After Free"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T05:09:07",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "a1b236b9-89fb-4ccf-9689-ba11b471e766",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4173",
"STATE": "PUBLIC",
"TITLE": "Use After Free in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Use After Free"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766"
},
{
"name": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04"
},
{
"name": "FEDORA-2022-a3d70b50f0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "https://support.apple.com/kb/HT213183",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"name": "https://support.apple.com/kb/HT213256",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "https://support.apple.com/kb/HT213343",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "a1b236b9-89fb-4ccf-9689-ba11b471e766",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4173",
"datePublished": "2021-12-27T12:25:12",
"dateReserved": "2021-12-26T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4751
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4751",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-05T16:57:55.979341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:59:04.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1331",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-03T18:54:47.173Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378"
},
{
"url": "https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "db7be8d6-6cb7-4ae5-9c4e-805423afa378",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4751",
"datePublished": "2023-09-03T18:54:47.173Z",
"dateReserved": "2023-09-03T18:54:37.128Z",
"dateUpdated": "2024-12-03T14:59:04.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0685
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4418",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823 Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782"
},
{
"url": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "27230da3-9b1a-4d5d-8cdf-4b1e62fcd782",
"discovery": "EXTERNAL"
},
"title": "Use of Out-of-range Pointer Offset in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0685",
"datePublished": "2022-02-20T00:00:00",
"dateReserved": "2022-02-19T00:00:00",
"dateUpdated": "2024-08-02T23:40:03.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1619
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe"
},
{
"name": "FEDORA-2022-e92c3ce170",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/"
},
{
"name": "FEDORA-2022-f0db3943d9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220930-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4899",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450"
},
{
"url": "https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe"
},
{
"name": "FEDORA-2022-e92c3ce170",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/"
},
{
"name": "FEDORA-2022-f0db3943d9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220930-0007/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "b3200483-624e-4c76-a070-e246f62a7450",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1619",
"datePublished": "2022-05-08T00:00:00",
"dateReserved": "2022-05-07T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2208
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.5163",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1"
},
{
"url": "https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "7bfe3d5b-568f-4c34-908f-a39909638cc1",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2208",
"datePublished": "2022-06-27T00:00:00",
"dateReserved": "2022-06-26T00:00:00",
"dateUpdated": "2024-08-03T00:32:08.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-48237
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87"
},
{
"name": "https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.2112"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T22:45:57.667Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87"
},
{
"name": "https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0005/"
}
],
"source": {
"advisory": "GHSA-f2m2-v387-gv87",
"discovery": "UNKNOWN"
},
"title": "overflow in shift_line in vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48237",
"datePublished": "2023-11-16T22:45:57.667Z",
"dateReserved": "2023-11-13T13:25:18.482Z",
"dateUpdated": "2024-08-02T21:23:39.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1355
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1402",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9"
},
{
"url": "https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"source": {
"advisory": "4d0a9615-d438-4f5c-8dd6-aa22f4b716d9",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1355",
"datePublished": "2023-03-11T00:00:00",
"dateReserved": "2023-03-11T00:00:00",
"dateUpdated": "2024-08-02T05:41:00.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3927
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e"
},
{
"name": "FEDORA-2021-58ab85548d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/"
},
{
"name": "FEDORA-2021-cfadac570a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3581",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0"
},
{
"url": "https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e"
},
{
"name": "FEDORA-2021-58ab85548d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/"
},
{
"name": "FEDORA-2021-cfadac570a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3927",
"datePublished": "2021-11-05T00:00:00",
"dateReserved": "2021-11-04T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-48235
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g"
},
{
"name": "https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.2110"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an\noverflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T22:50:57.878Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g"
},
{
"name": "https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0007/"
}
],
"source": {
"advisory": "GHSA-6g74-hr6q-pr8g",
"discovery": "UNKNOWN"
},
"title": "overflow in ex address parsing in vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48235",
"datePublished": "2023-11-16T22:50:57.878Z",
"dateReserved": "2023-11-13T13:25:18.481Z",
"dateUpdated": "2024-08-02T21:23:39.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2175
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Over-read in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55"
},
{
"url": "https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "7f0481c2-8b57-4324-b47c-795d1ea67e55",
"discovery": "EXTERNAL"
},
"title": "Buffer Over-read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2175",
"datePublished": "2022-06-23T00:00:00",
"dateReserved": "2022-06-22T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-22667
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt"
},
{
"name": "FEDORA-2024-12513b5cee",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UI44Y4LJLG34D4HNB6NTPLUPZREHAEL7/"
},
{
"name": "FEDORA-2024-1c85d5b179",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIQLVUSYHDN3644K6EFDI7PRZOTIKXM3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-23T16:06:07.730284",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47"
},
{
"url": "https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt"
},
{
"name": "FEDORA-2024-12513b5cee",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UI44Y4LJLG34D4HNB6NTPLUPZREHAEL7/"
},
{
"name": "FEDORA-2024-1c85d5b179",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIQLVUSYHDN3644K6EFDI7PRZOTIKXM3/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240223-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22667",
"datePublished": "2024-02-05T00:00:00",
"dateReserved": "2024-01-11T00:00:00",
"dateUpdated": "2024-08-01T22:51:11.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2580
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T14:12:38",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d"
}
],
"source": {
"advisory": "c5f2f1d4-0441-4881-b19c-055acaa16249",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2580",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.0.0102"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249"
},
{
"name": "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d"
}
]
},
"source": {
"advisory": "c5f2f1d4-0441-4881-b19c-055acaa16249",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2580",
"datePublished": "2022-08-01T14:12:38",
"dateReserved": "2022-07-29T00:00:00",
"dateUpdated": "2024-08-03T00:39:08.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2819
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889"
},
{
"name": "FEDORA-2022-6f5e420e52",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0211",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59"
},
{
"url": "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889"
},
{
"name": "FEDORA-2022-6f5e420e52",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "0a9bd71e-66b8-4eb1-9566-7dfd9b097e59",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2819",
"datePublished": "2022-08-15T00:00:00",
"dateReserved": "2022-08-15T00:00:00",
"dateUpdated": "2024-08-03T00:52:59.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3705
Vulnerability from cvelistv5
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | unspecified | vim |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.212324"
},
{
"name": "FEDORA-2022-06e4f1dd58",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "FEDORA-2022-3d354ef0fb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221223-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731"
},
{
"url": "https://vuldb.com/?id.212324"
},
{
"name": "FEDORA-2022-06e4f1dd58",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "FEDORA-2022-3d354ef0fb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221223-0004/"
},
{
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "vim autocmd quickfix.c qf_update_buffer use after free",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3705",
"datePublished": "2022-10-26T00:00:00",
"dateReserved": "2022-10-26T00:00:00",
"dateUpdated": "2024-08-03T01:20:57.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2125
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213443"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705"
},
{
"url": "https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213443"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "17dab24d-beec-464d-9a72-5b6b11283705",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2125",
"datePublished": "2022-06-19T00:00:00",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-43802
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/322ba9108612bead5eb | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T14:28:07.231057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:28:30.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-04T15:02:49.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241004-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.0697"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It\u0027s not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:48:11.979Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh"
},
{
"name": "https://github.com/vim/vim/commit/322ba9108612bead5eb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/322ba9108612bead5eb"
}
],
"source": {
"advisory": "GHSA-4ghr-c62x-cqfh",
"discovery": "UNKNOWN"
},
"title": "heap-buffer-overflow in ins_typebuf() in Vim \u003c 9.1.0697"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43802",
"datePublished": "2024-08-26T18:48:11.979Z",
"dateReserved": "2024-08-16T14:20:37.326Z",
"dateUpdated": "2024-10-04T15:02:49.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0407
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T05:07:05",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "81822bf7-aafe-4d37-b836-1255d46e572c",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0407",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c"
},
{
"name": "https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "81822bf7-aafe-4d37-b836-1255d46e572c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0407",
"datePublished": "2022-01-30T13:45:52",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0729
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "FEDORA-2022-63ca9a1129",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4440",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823 Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea"
},
{
"url": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "FEDORA-2022-63ca9a1129",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea",
"discovery": "EXTERNAL"
},
"title": "Use of Out-of-range Pointer Offset in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0729",
"datePublished": "2022-02-23T00:00:00",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-02T23:40:03.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0512
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213677"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213675"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/18"
},
{
"name": "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/21"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1247",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide By Zero in GitHub repository vim/vim prior to 9.0.1247."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74"
},
{
"url": "https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835"
},
{
"url": "https://support.apple.com/kb/HT213677"
},
{
"url": "https://support.apple.com/kb/HT213675"
},
{
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/18"
},
{
"name": "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/21"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"source": {
"advisory": "de83736a-1936-4872-830b-f1e9b0ad2a74",
"discovery": "EXTERNAL"
},
"title": "Divide By Zero in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0512",
"datePublished": "2023-01-26T00:00:00",
"dateReserved": "2023-01-26T00:00:00",
"dateUpdated": "2024-08-02T05:17:49.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2849
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0220",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e"
},
{
"url": "https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "389aeccd-deb9-49ae-9b6a-24c12d79b02e",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2849",
"datePublished": "2022-08-17T00:00:00",
"dateReserved": "2022-08-16T00:00:00",
"dateUpdated": "2024-08-03T00:52:58.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5441
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5441",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:15:24.944541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:15:40.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "20d161ace307e28690229b68584f2d84556f8960",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-05T20:30:09.121Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2"
},
{
"url": "https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/"
}
],
"source": {
"advisory": "b54cbdf5-3e85-458d-bb38-9ea2c0b669f2",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5441",
"datePublished": "2023-10-05T20:30:09.121Z",
"dateReserved": "2023-10-05T20:29:56.622Z",
"dateUpdated": "2024-09-19T18:15:40.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0572
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f"
},
{
"name": "FEDORA-2022-9cef12c14c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf"
},
{
"url": "https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f"
},
{
"name": "FEDORA-2022-9cef12c14c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "bf3e0643-03e9-4436-a1c8-74e7111c32bf",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0572",
"datePublished": "2022-02-13T00:00:00",
"dateReserved": "2022-02-12T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1733
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813"
},
{
"name": "FEDORA-2022-d6d1ac4ca7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/"
},
{
"name": "FEDORA-2022-74b9e404c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/"
},
{
"name": "FEDORA-2022-d044e7e0b4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4968",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a"
},
{
"url": "https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813"
},
{
"name": "FEDORA-2022-d6d1ac4ca7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/"
},
{
"name": "FEDORA-2022-74b9e404c1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/"
},
{
"name": "FEDORA-2022-d044e7e0b4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "6ff03b27-472b-4bef-a2bf-410fae65ff0a",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1733",
"datePublished": "2022-05-17T00:00:00",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2845
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0218",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\u003c/p\u003e"
}
],
"value": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T07:47:29.572Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445"
},
{
"url": "https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "3e1d31ac-1cfd-4a9f-bc5c-213376b69445",
"discovery": "EXTERNAL"
},
"title": "Improper Validation of Specified Quantity in Input in vim/vim",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2845",
"datePublished": "2022-08-17T00:00:00",
"dateReserved": "2022-08-16T00:00:00",
"dateUpdated": "2024-08-03T00:52:58.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3520
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-15T13:08:08.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241115-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0765",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246"
},
{
"url": "https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "c1db3b70-f4fe-481f-8a24-0b1449c94246",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3520",
"datePublished": "2022-12-02T00:00:00",
"dateReserved": "2022-10-15T00:00:00",
"dateUpdated": "2024-11-15T13:08:08.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0408
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d"
},
{
"url": "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "5e635bad-5cf6-46cd-aeac-34ef224e179d",
"discovery": "EXTERNAL"
},
"title": "Stack-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0408",
"datePublished": "2022-01-30T00:00:00",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3778
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f"
},
{
"name": "[oss-security] 20210930 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/01/1"
},
{
"name": "FEDORA-2021-968f57ec98",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/"
},
{
"name": "FEDORA-2021-84f4cf3244",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3409",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273"
},
{
"url": "https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f"
},
{
"name": "[oss-security] 20210930 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/01/1"
},
{
"name": "FEDORA-2021-968f57ec98",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/"
},
{
"name": "FEDORA-2021-84f4cf3244",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0003/"
}
],
"source": {
"advisory": "d9c17308-2c99-4f9f-a706-f7f72c24c273",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3778",
"datePublished": "2021-09-15T00:00:00",
"dateReserved": "2021-09-07T00:00:00",
"dateUpdated": "2024-08-03T17:09:08.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17087
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ | x_refsource_MISC | |
| http://openwall.com/lists/oss-security/2017/11/27/2 | x_refsource_MISC | |
| http://security.cucumberlinux.com/security/details.php?id=166 | x_refsource_MISC | |
| https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4582-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/11/27/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.cucumberlinux.com/security/details.php?id=166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8"
},
{
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"name": "USN-4582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4582-1/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor\u0027s primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T23:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/11/27/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.cucumberlinux.com/security/details.php?id=166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8"
},
{
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"name": "USN-4582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4582-1/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor\u0027s primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ"
},
{
"name": "http://openwall.com/lists/oss-security/2017/11/27/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/11/27/2"
},
{
"name": "http://security.cucumberlinux.com/security/details.php?id=166",
"refsource": "MISC",
"url": "http://security.cucumberlinux.com/security/details.php?id=166"
},
{
"name": "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8"
},
{
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"name": "USN-4582-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4582-1/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17087",
"datePublished": "2017-12-01T08:00:00",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4141
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5"
},
{
"name": "FEDORA-2022-1e14f3ae45",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/"
},
{
"name": "FEDORA-2022-fc4c513d06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6ZNKVN4GICORTVFKVCM4MSOXCYWNHUC/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0947",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f"
},
{
"url": "https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5"
},
{
"name": "FEDORA-2022-1e14f3ae45",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/"
},
{
"name": "FEDORA-2022-fc4c513d06",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6ZNKVN4GICORTVFKVCM4MSOXCYWNHUC/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html"
}
],
"source": {
"advisory": "20ece512-c600-45ac-8a84-d0931e05541f",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4141",
"datePublished": "2022-11-25T00:00:00",
"dateReserved": "2022-11-25T00:00:00",
"dateUpdated": "2024-08-03T01:27:54.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-47024
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:28.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19"
},
{
"name": "FEDORA-2023-2db4df65c3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
},
{
"name": "FEDORA-2023-93fb5b08eb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19"
},
{
"name": "FEDORA-2023-2db4df65c3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
},
{
"name": "FEDORA-2023-93fb5b08eb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47024",
"datePublished": "2023-01-20T00:00:00",
"dateReserved": "2022-12-12T00:00:00",
"dateUpdated": "2024-08-03T14:47:28.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0351
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-786",
"description": "CWE-786 Access of Memory Location Before Start of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161"
},
{
"url": "https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "8b36db58-b65c-4298-be7f-40b9e37fd161",
"discovery": "EXTERNAL"
},
"title": "Access of Memory Location Before Start of Buffer in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0351",
"datePublished": "2022-01-25T00:00:00",
"dateReserved": "2022-01-24T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3872
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b"
},
{
"name": "FEDORA-2021-84f4cf3244",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3487",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T07:07:02",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b"
},
{
"name": "FEDORA-2021-84f4cf3244",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "c958013b-1c09-4939-92ca-92f50aa169e8",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3872",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.3487"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8"
},
{
"name": "https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b"
},
{
"name": "FEDORA-2021-84f4cf3244",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/"
},
{
"name": "FEDORA-2021-6988830606",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "c958013b-1c09-4939-92ca-92f50aa169e8",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3872",
"datePublished": "2021-10-19T12:30:34",
"dateReserved": "2021-10-08T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41965
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:52:14.375534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:02.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-15T13:08:18.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241115-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.0648"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. double-free in dialog_changed() in Vim \u003c v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T21:44:09.056Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f"
},
{
"name": "https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c"
}
],
"source": {
"advisory": "GHSA-46pw-v7qw-xc2f",
"discovery": "UNKNOWN"
},
"title": "Vim \u003c v9.1.0648 has a double-free in dialog_changed()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41965",
"datePublished": "2024-08-01T21:44:09.056Z",
"dateReserved": "2024-07-24T16:51:40.952Z",
"dateUpdated": "2024-11-15T13:08:18.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1616
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c"
},
{
"name": "FEDORA-2022-e92c3ce170",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/"
},
{
"name": "FEDORA-2022-f0db3943d9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4895",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2"
},
{
"url": "https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c"
},
{
"name": "FEDORA-2022-e92c3ce170",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/"
},
{
"name": "FEDORA-2022-f0db3943d9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"name": "FEDORA-2022-8df66cdbef",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "40f1d75f-fb2f-4281-b585-a41017f217e2",
"discovery": "EXTERNAL"
},
"title": "Use after free in append_command in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1616",
"datePublished": "2022-05-07T00:00:00",
"dateReserved": "2022-05-06T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3099
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "FEDORA-2022-3f5099bcc9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DVWBI4BVTBUMNW4NMB3WZZDQJBKIGXI3/"
},
{
"name": "FEDORA-2022-c28b637883",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLK2RMZEECKKWUQK7J46D2FQZOXFQLTC/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0360",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0360."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e"
},
{
"url": "https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "FEDORA-2022-3f5099bcc9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DVWBI4BVTBUMNW4NMB3WZZDQJBKIGXI3/"
},
{
"name": "FEDORA-2022-c28b637883",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLK2RMZEECKKWUQK7J46D2FQZOXFQLTC/"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "403210c7-6cc7-4874-8934-b57f88bd4f5e",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3099",
"datePublished": "2022-09-03T00:00:00",
"dateReserved": "2022-09-02T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3074
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "32462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32462"
},
{
"name": "oval:org.mitre.oval:def:10754",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "32462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32462"
},
{
"name": "oval:org.mitre.oval:def:10754",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "http://www.rdancer.org/vulnerablevim.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "32462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32462"
},
{
"name": "oval:org.mitre.oval:def:10754",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"name": "http://www.rdancer.org/vulnerablevim-shellescape.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=467428",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3074",
"datePublished": "2009-02-21T22:00:00",
"dateReserved": "2008-07-08T00:00:00",
"dateUpdated": "2024-08-07T09:21:35.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12735
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/neovim/neovim/pull/10082"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/930020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/930024"
},
{
"name": "FEDORA-2019-d79f89346c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/"
},
{
"name": "USN-4016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4016-1/"
},
{
"name": "USN-4016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4016-2/"
},
{
"name": "108724",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108724"
},
{
"name": "FEDORA-2019-dcd49378b8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/"
},
{
"name": "openSUSE-SU-2019:1551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html"
},
{
"name": "openSUSE-SU-2019:1562",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1561",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html"
},
{
"name": "DSA-4467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4467"
},
{
"name": "20190624 [SECURITY] [DSA 4467-2] vim regression update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/33"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K93144355"
},
{
"name": "RHSA-2019:1619",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1619"
},
{
"name": "RHSA-2019:1774",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1774"
},
{
"name": "RHSA-2019:1793",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1793"
},
{
"name": "openSUSE-SU-2019:1759",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1796",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html"
},
{
"name": "DSA-4487",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4487"
},
{
"name": "20190724 [SECURITY] [DSA 4487-1] neovim security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/39"
},
{
"name": "RHSA-2019:1947",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1947"
},
{
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"name": "openSUSE-SU-2019:1997",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K93144355?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "GLSA-202003-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T22:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/neovim/neovim/pull/10082"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/930020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/930024"
},
{
"name": "FEDORA-2019-d79f89346c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/"
},
{
"name": "USN-4016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4016-1/"
},
{
"name": "USN-4016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4016-2/"
},
{
"name": "108724",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108724"
},
{
"name": "FEDORA-2019-dcd49378b8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/"
},
{
"name": "openSUSE-SU-2019:1551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html"
},
{
"name": "openSUSE-SU-2019:1562",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1561",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html"
},
{
"name": "DSA-4467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4467"
},
{
"name": "20190624 [SECURITY] [DSA 4467-2] vim regression update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/33"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K93144355"
},
{
"name": "RHSA-2019:1619",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1619"
},
{
"name": "RHSA-2019:1774",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1774"
},
{
"name": "RHSA-2019:1793",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1793"
},
{
"name": "openSUSE-SU-2019:1759",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1796",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html"
},
{
"name": "DSA-4487",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4487"
},
{
"name": "20190724 [SECURITY] [DSA 4487-1] neovim security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/39"
},
{
"name": "RHSA-2019:1947",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1947"
},
{
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"name": "openSUSE-SU-2019:1997",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K93144355?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "GLSA-202003-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md",
"refsource": "MISC",
"url": "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md"
},
{
"name": "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040"
},
{
"name": "https://github.com/neovim/neovim/pull/10082",
"refsource": "MISC",
"url": "https://github.com/neovim/neovim/pull/10082"
},
{
"name": "https://bugs.debian.org/930020",
"refsource": "MISC",
"url": "https://bugs.debian.org/930020"
},
{
"name": "https://bugs.debian.org/930024",
"refsource": "MISC",
"url": "https://bugs.debian.org/930024"
},
{
"name": "FEDORA-2019-d79f89346c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/"
},
{
"name": "USN-4016-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4016-1/"
},
{
"name": "USN-4016-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4016-2/"
},
{
"name": "108724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108724"
},
{
"name": "FEDORA-2019-dcd49378b8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/"
},
{
"name": "openSUSE-SU-2019:1551",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html"
},
{
"name": "openSUSE-SU-2019:1562",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1561",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html"
},
{
"name": "DSA-4467",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4467"
},
{
"name": "20190624 [SECURITY] [DSA 4467-2] vim regression update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/33"
},
{
"name": "https://support.f5.com/csp/article/K93144355",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K93144355"
},
{
"name": "RHSA-2019:1619",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1619"
},
{
"name": "RHSA-2019:1774",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1774"
},
{
"name": "RHSA-2019:1793",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1793"
},
{
"name": "openSUSE-SU-2019:1759",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1796",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html"
},
{
"name": "DSA-4487",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4487"
},
{
"name": "20190724 [SECURITY] [DSA 4487-1] neovim security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/39"
},
{
"name": "RHSA-2019:1947",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1947"
},
{
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"name": "openSUSE-SU-2019:1997",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html"
},
{
"name": "https://support.f5.com/csp/article/K93144355?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K93144355?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "GLSA-202003-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12735",
"datePublished": "2019-06-05T13:07:48",
"dateReserved": "2019-06-05T00:00:00",
"dateUpdated": "2024-08-04T23:32:54.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1785
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4977",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109"
},
{
"url": "https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "8c969cba-eef2-4943-b44a-4e3089599109",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Write in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1785",
"datePublished": "2022-05-19T00:00:00",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2345
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0046",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0046."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f"
},
{
"url": "https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "1eed7009-db6d-487b-bc41-8f2fd260483f",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2345",
"datePublished": "2022-07-08T00:00:00",
"dateReserved": "2022-07-07T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2889
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0225",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0225."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa"
},
{
"url": "https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "d1ac9817-825d-49ce-b514-1d5b12b6bdaa",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2889",
"datePublished": "2022-08-19T00:00:00",
"dateReserved": "2022-08-18T00:00:00",
"dateUpdated": "2024-08-03T00:52:59.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2609
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad"
},
{
"name": "FEDORA-2023-99d2eaac80",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213844"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1531",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-23T07:06:22.968939",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622"
},
{
"url": "https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad"
},
{
"name": "FEDORA-2023-99d2eaac80",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/"
},
{
"url": "https://support.apple.com/kb/HT213844"
},
{
"url": "https://support.apple.com/kb/HT213845"
}
],
"source": {
"advisory": "1679be5a-565f-4a44-a430-836412a0b622",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2023-2609",
"datePublished": "2023-05-09T00:00:00",
"dateReserved": "2023-05-09T00:00:00",
"dateUpdated": "2024-08-02T06:26:09.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4750
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1857",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.1857."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T13:47:02.921Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea"
},
{
"url": "https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "1ab3ebdf-fe7d-4436-b483-9a586e03b0ea",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4750",
"datePublished": "2023-09-04T13:47:02.921Z",
"dateReserved": "2023-09-03T18:26:35.226Z",
"dateUpdated": "2024-08-02T07:37:59.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0393
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T07:08:26",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323"
},
{
"name": "FEDORA-2022-da2fb07efb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "ecc8f488-01a0-477f-848f-e30b8e524bba",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0393",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba"
},
{
"name": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323"
},
{
"name": "FEDORA-2022-da2fb07efb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "ecc8f488-01a0-477f-848f-e30b8e524bba",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0393",
"datePublished": "2022-01-28T21:30:26",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1000382
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| http://security.cucumberlinux.com/security/details.php?id=120 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/10/31/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.cucumberlinux.com/security/details.php?id=120"
},
{
"name": "[oss-security] 20171031 Fw: Security risk of vim swap files",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/31/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-06T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.cucumberlinux.com/security/details.php?id=120"
},
{
"name": "[oss-security] 20171031 Fw: Security risk of vim swap files",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/31/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000382",
"REQUESTER": "hanno@hboeck.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.cucumberlinux.com/security/details.php?id=120",
"refsource": "CONFIRM",
"url": "http://security.cucumberlinux.com/security/details.php?id=120"
},
{
"name": "[oss-security] 20171031 Fw: Security risk of vim swap files",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/10/31/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000382",
"datePublished": "2017-10-31T20:00:00",
"dateReserved": "2017-10-31T00:00:00",
"dateUpdated": "2024-08-05T22:00:41.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2610
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-29T12:04:37.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a"
},
{
"name": "FEDORA-2023-99d2eaac80",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/"
},
{
"name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213844"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213845"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241129-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1532",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-23T07:06:26.300355",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d"
},
{
"url": "https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a"
},
{
"name": "FEDORA-2023-99d2eaac80",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/"
},
{
"name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html"
},
{
"url": "https://support.apple.com/kb/HT213844"
},
{
"url": "https://support.apple.com/kb/HT213845"
}
],
"source": {
"advisory": "31e67340-935b-4f6c-a923-f7246bc29c7d",
"discovery": "EXTERNAL"
},
"title": "Integer Overflow or Wraparound in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2023-2610",
"datePublished": "2023-05-09T00:00:00",
"dateReserved": "2023-05-09T00:00:00",
"dateUpdated": "2024-11-29T12:04:37.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3984
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3625",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a"
},
{
"url": "https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "b114b5a2-18e2-49f0-b350-15994d71426a",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3984",
"datePublished": "2021-12-01T00:00:00",
"dateReserved": "2021-11-19T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1771
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4975",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb"
},
{
"url": "https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "faa74175-5317-4b71-a363-dfc39094ecbb",
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Recursion in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1771",
"datePublished": "2022-05-18T00:00:00",
"dateReserved": "2022-05-17T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3236
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:16.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/issues/7674"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-3236",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:30:16.907301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:30:31.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T13:06:37.520223",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/vim/vim/issues/7674"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3236",
"datePublished": "2023-08-11T00:00:00",
"dateReserved": "2021-01-22T00:00:00",
"dateUpdated": "2024-10-10T14:30:31.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2207
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9"
},
{
"url": "https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "05bc6051-4dc3-483b-ae56-cf23346b97b9",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2207",
"datePublished": "2022-06-27T00:00:00",
"dateReserved": "2022-06-26T00:00:00",
"dateUpdated": "2024-08-03T00:32:08.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2126
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213443"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e"
},
{
"url": "https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213443"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "8d196d9b-3d10-41d2-9f70-8ef0d08c946e",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2126",
"datePublished": "2022-06-19T00:00:00",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2581
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0104",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T14:12:51",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88"
}
],
"source": {
"advisory": "0bedbae2-82ae-46ae-aa68-1c28b309b60b",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2581",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.0.0104"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b"
},
{
"name": "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88"
}
]
},
"source": {
"advisory": "0bedbae2-82ae-46ae-aa68-1c28b309b60b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2581",
"datePublished": "2022-08-01T14:12:51",
"dateReserved": "2022-07-29T00:00:00",
"dateUpdated": "2024-08-03T00:39:08.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3973
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/ | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2022/01/15/1 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847"
},
{
"name": "FEDORA-2021-5cd9df120e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3611",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T06:10:54",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847"
},
{
"name": "FEDORA-2021-5cd9df120e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "ce6e8609-77c6-4e17-b9fc-a2e5abed052e",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3973",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.3611"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e"
},
{
"name": "https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847"
},
{
"name": "FEDORA-2021-5cd9df120e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "ce6e8609-77c6-4e17-b9fc-a2e5abed052e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3973",
"datePublished": "2021-11-19T11:35:11",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2304
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a"
},
{
"url": "https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "eb7402f3-025a-402f-97a7-c38700d9548a",
"discovery": "EXTERNAL"
},
"title": "Stack-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2304",
"datePublished": "2022-07-05T00:00:00",
"dateReserved": "2022-07-04T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45306
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/396fd1ec2956307755392a1 | x_refsource_MISC | |
| https://github.com/vim/vim/releases/tag/v9.1.0038 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T13:50:36.282509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:11:20.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-04T15:02:51.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241004-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.1.0038, \u003c 9.1.0707"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It\u0027s not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That\u0027s why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-02T16:35:17.444Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr"
},
{
"name": "https://github.com/vim/vim/commit/396fd1ec2956307755392a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/396fd1ec2956307755392a1"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.1.0038",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.1.0038"
}
],
"source": {
"advisory": "GHSA-wxf9-c5gx-qrwr",
"discovery": "UNKNOWN"
},
"title": "heap-buffer-overflow in Vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45306",
"datePublished": "2024-09-02T16:35:17.444Z",
"dateReserved": "2024-08-26T18:25:35.443Z",
"dateUpdated": "2024-10-04T15:02:51.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2522
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0061",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22"
},
{
"url": "https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089"
},
{
"url": "https://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e"
},
{
"url": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "3a2d83af-9542-4d93-8784-98b115135a22",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2522",
"datePublished": "2022-07-25T00:00:00",
"dateReserved": "2022-07-23T00:00:00",
"dateUpdated": "2024-08-03T00:39:08.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2712
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "RHSA-2008:0618",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "USN-712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-712-1"
},
{
"name": "oval:org.mitre.oval:def:6238",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "vim-scripts-command-execution(43083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
},
{
"name": "32858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33410"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "ADV-2009-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "20080811 rPSA-2008-0247-1 gvim vim vim-minimal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
},
{
"name": "20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11109",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name": "[oss-security] 20080616 CVE Id request: vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "ADV-2008-1851",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1851/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
},
{
"name": "30731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30731"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2622"
},
{
"name": "3951",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3951"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
},
{
"name": "32864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32864"
},
{
"name": "1020293",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020293"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "29715",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29715"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
},
{
"name": "RHSA-2008:0617",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
},
{
"name": "20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "RHSA-2008:0618",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "USN-712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-712-1"
},
{
"name": "oval:org.mitre.oval:def:6238",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "vim-scripts-command-execution(43083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
},
{
"name": "32858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33410"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "ADV-2009-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "20080811 rPSA-2008-0247-1 gvim vim vim-minimal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
},
{
"name": "20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11109",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name": "[oss-security] 20080616 CVE Id request: vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "ADV-2008-1851",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1851/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
},
{
"name": "30731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30731"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2622"
},
{
"name": "3951",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3951"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
},
{
"name": "32864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32864"
},
{
"name": "1020293",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020293"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "29715",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29715"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
},
{
"name": "RHSA-2008:0617",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
},
{
"name": "20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "RHSA-2008:0618",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
},
{
"name": "http://www.rdancer.org/vulnerablevim.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "USN-712-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-712-1"
},
{
"name": "oval:org.mitre.oval:def:6238",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "vim-scripts-command-execution(43083)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
},
{
"name": "32858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33410"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "ADV-2009-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "20080811 rPSA-2008-0247-1 gvim vim vim-minimal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
},
{
"name": "20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11109",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name": "[oss-security] 20080616 CVE Id request: vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "ADV-2008-1851",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1851/references"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
},
{
"name": "30731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30731"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "https://issues.rpath.com/browse/RPL-2622",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2622"
},
{
"name": "3951",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3951"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
},
{
"name": "32864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32864"
},
{
"name": "1020293",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020293"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "29715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29715"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0247",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
},
{
"name": "RHSA-2008:0617",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
},
{
"name": "20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2712",
"datePublished": "2008-06-16T21:00:00",
"dateReserved": "2008-06-16T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1898
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a"
},
{
"name": "FEDORA-2022-5ce148636b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/"
},
{
"name": "FEDORA-2022-d94440bf0e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea"
},
{
"url": "https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a"
},
{
"name": "FEDORA-2022-5ce148636b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/"
},
{
"name": "FEDORA-2022-d94440bf0e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
},
{
"name": "FEDORA-2022-bb2daad935",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "45aad635-c2f1-47ca-a4f9-db5b25979cea",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1898",
"datePublished": "2022-05-27T00:00:00",
"dateReserved": "2022-05-26T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6350
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201706-26 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037949 | vdb-entry, x_refsource_SECTRACK | |
| https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75 | x_refsource_MISC | |
| https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q | x_refsource_MISC | |
| http://www.securityfocus.com/bid/96448 | vdb-entry, x_refsource_BID | |
| https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y | x_refsource_MISC | |
| https://usn.ubuntu.com/4309-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201706-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-26"
},
{
"name": "1037949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037949"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q"
},
{
"name": "96448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201706-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-26"
},
{
"name": "1037949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037949"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q"
},
{
"name": "96448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201706-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-26"
},
{
"name": "1037949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037949"
},
{
"name": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75"
},
{
"name": "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q"
},
{
"name": "96448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96448"
},
{
"name": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y"
},
{
"name": "USN-4309-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6350",
"datePublished": "2017-02-27T07:25:00",
"dateReserved": "2017-02-26T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1170
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c"
},
{
"name": "FEDORA-2023-43cb13aefb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/"
},
{
"name": "FEDORA-2023-d4ebe53978",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1376",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4"
},
{
"url": "https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c"
},
{
"name": "FEDORA-2023-43cb13aefb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/"
},
{
"name": "FEDORA-2023-d4ebe53978",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"source": {
"advisory": "286e0090-e654-46d2-ac60-29f81799d0a4",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1170",
"datePublished": "2023-03-03T00:00:00",
"dateReserved": "2023-03-03T00:00:00",
"dateUpdated": "2024-08-02T05:40:58.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-48706
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q"
},
{
"name": "https://github.com/vim/vim/pull/13552",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/pull/13552"
},
{
"name": "https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb"
},
{
"name": "https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/22/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.2121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-22T22:03:39.503Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q"
},
{
"name": "https://github.com/vim/vim/pull/13552",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/pull/13552"
},
{
"name": "https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb"
},
{
"name": "https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/22/3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0001/"
}
],
"source": {
"advisory": "GHSA-c8qm-x72m-q53q",
"discovery": "UNKNOWN"
},
"title": "Vim has heap-use-after-free at /src/charset.c:1770:12 in skipwhite"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48706",
"datePublished": "2023-11-22T22:03:39.503Z",
"dateReserved": "2023-11-17T19:43:37.554Z",
"dateUpdated": "2024-08-02T21:37:54.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2206
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/01d01e74-55d0-4d9e-878e-79ba599be668"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/01d01e74-55d0-4d9e-878e-79ba599be668"
},
{
"url": "https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "01d01e74-55d0-4d9e-878e-79ba599be668",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2206",
"datePublished": "2022-06-26T00:00:00",
"dateReserved": "2022-06-25T00:00:00",
"dateUpdated": "2024-08-03T00:32:08.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0128
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/01/15/1 | mailing-list, x_refsource_MLIST | |
| https://support.apple.com/kb/HT213183 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2022/Mar/29 | mailing-list, x_refsource_FULLDISC | |
| https://support.apple.com/kb/HT213256 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2022/May/35 | mailing-list, x_refsource_FULLDISC | |
| https://support.apple.com/kb/HT213343 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2022/Jul/14 | mailing-list, x_refsource_FULLDISC | |
| https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Out-of-bounds Read"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T05:07:43",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "63f51299-008a-4112-b85b-1e904aadd4ba",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0128",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Out-of-bounds Read"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba"
},
{
"name": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "https://support.apple.com/kb/HT213183",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"name": "https://support.apple.com/kb/HT213256",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "https://support.apple.com/kb/HT213343",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213343"
},
{
"name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/14"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "63f51299-008a-4112-b85b-1e904aadd4ba",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0128",
"datePublished": "2022-01-06T16:45:14",
"dateReserved": "2022-01-05T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46246
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm"
},
{
"name": "https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c= 9.0.2067"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it\u0027s possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T18:36:23.907Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm"
},
{
"name": "https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231208-0006/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/"
}
],
"source": {
"advisory": "GHSA-q22m-h7m2-9mgm",
"discovery": "UNKNOWN"
},
"title": "Integer Overflow in :history command in Vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46246",
"datePublished": "2023-10-27T18:36:23.907Z",
"dateReserved": "2023-10-19T20:34:00.948Z",
"dateUpdated": "2024-08-02T20:37:40.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-48236
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5"
},
{
"name": "https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.2111"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger\nthan MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T22:47:53.519Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5"
},
{
"name": "https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/16/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0002/"
}
],
"source": {
"advisory": "GHSA-pr4c-932v-8hx5",
"discovery": "UNKNOWN"
},
"title": "overflow in get_number in vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48236",
"datePublished": "2023-11-16T22:47:53.519Z",
"dateReserved": "2023-11-13T13:25:18.482Z",
"dateUpdated": "2024-08-02T21:23:39.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2257
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89"
},
{
"url": "https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "ca581f80-03ba-472a-b820-78f7fd05fe89",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2257",
"datePublished": "2022-06-30T00:00:00",
"dateReserved": "2022-06-29T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0433
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b"
},
{
"name": "FEDORA-2023-2db4df65c3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
},
{
"name": "FEDORA-2023-93fb5b08eb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213677"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213675"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/18"
},
{
"name": "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1225",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e"
},
{
"url": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b"
},
{
"name": "FEDORA-2023-2db4df65c3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
},
{
"name": "FEDORA-2023-93fb5b08eb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
},
{
"url": "https://support.apple.com/kb/HT213677"
},
{
"url": "https://support.apple.com/kb/HT213675"
},
{
"url": "https://support.apple.com/kb/HT213670"
},
{
"name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"name": "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/18"
},
{
"name": "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Mar/21"
}
],
"source": {
"advisory": "ae933869-a1ec-402a-bbea-d51764c6618e",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0433",
"datePublished": "2023-01-21T00:00:00",
"dateReserved": "2023-01-21T00:00:00",
"dateUpdated": "2024-08-02T05:10:56.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1248
Vulnerability from cvelistv5
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | vim before patch 8.0.0056 |
Version: vim before patch 8.0.0056 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-security-announce/2016/msg00305.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2016/11/22/20"
},
{
"name": "GLSA-201701-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-29"
},
{
"name": "DSA-3722",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3722"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a"
},
{
"name": "[debian-lts-announce] 20161122 [SECURITY] [DLA 718-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html"
},
{
"name": "USN-3139-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3139-1"
},
{
"name": "1037338",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040"
},
{
"name": "94478",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94478"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/releases/tag/v8.0.0056"
},
{
"name": "RHSA-2016:2972",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2972.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim before patch 8.0.0056",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vim before patch 8.0.0056"
}
]
}
],
"datePublic": "2016-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vim before patch 8.0.0056 does not properly validate values for the \u0027filetype\u0027, \u0027syntax\u0027 and \u0027keymap\u0027 options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-01T15:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-security-announce/2016/msg00305.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwall.com/lists/oss-security/2016/11/22/20"
},
{
"name": "GLSA-201701-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-29"
},
{
"name": "DSA-3722",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3722"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a"
},
{
"name": "[debian-lts-announce] 20161122 [SECURITY] [DLA 718-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html"
},
{
"name": "USN-3139-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3139-1"
},
{
"name": "1037338",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040"
},
{
"name": "94478",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94478"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/releases/tag/v8.0.0056"
},
{
"name": "RHSA-2016:2972",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2972.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim before patch 8.0.0056",
"version": {
"version_data": [
{
"version_value": "vim before patch 8.0.0056"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim before patch 8.0.0056 does not properly validate values for the \u0027filetype\u0027, \u0027syntax\u0027 and \u0027keymap\u0027 options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.debian.org/debian-security-announce/2016/msg00305.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-security-announce/2016/msg00305.html"
},
{
"name": "http://openwall.com/lists/oss-security/2016/11/22/20",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2016/11/22/20"
},
{
"name": "GLSA-201701-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-29"
},
{
"name": "DSA-3722",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3722"
},
{
"name": "https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a",
"refsource": "CONFIRM",
"url": "https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a"
},
{
"name": "[debian-lts-announce] 20161122 [SECURITY] [DLA 718-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html"
},
{
"name": "USN-3139-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3139-1"
},
{
"name": "1037338",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037338"
},
{
"name": "https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040",
"refsource": "CONFIRM",
"url": "https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040"
},
{
"name": "94478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94478"
},
{
"name": "https://github.com/vim/vim/releases/tag/v8.0.0056",
"refsource": "CONFIRM",
"url": "https://github.com/vim/vim/releases/tag/v8.0.0056"
},
{
"name": "RHSA-2016:2972",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2972.html"
},
{
"name": "https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1248",
"datePublished": "2016-11-23T15:00:00",
"dateReserved": "2015-12-27T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2874
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0224",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79"
},
{
"url": "https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "95f97dfe-247d-475d-9740-b7adc71f4c79",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2874",
"datePublished": "2022-08-18T00:00:00",
"dateReserved": "2022-08-17T00:00:00",
"dateUpdated": "2024-08-03T00:52:59.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2923
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0240",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2"
},
{
"url": "https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "fd3a3ab8-ab0f-452f-afea-8c613e283fd2",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2923",
"datePublished": "2022-08-22T00:00:00",
"dateReserved": "2022-08-21T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2182
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8"
},
{
"url": "https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e"
},
{
"name": "FEDORA-2022-719f3ec21b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"name": "FEDORA-2022-bb7f3cacbf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "238d8650-3beb-4831-a8f7-6f0b597a6fb8",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2182",
"datePublished": "2022-06-23T00:00:00",
"dateReserved": "2022-06-22T00:00:00",
"dateUpdated": "2024-08-03T00:32:08.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3770
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9"
},
{
"name": "FEDORA-2021-5fa81a2b04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4/"
},
{
"name": "FEDORA-2021-4a43cbe0b4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ/"
},
{
"name": "FEDORA-2021-e982f972f2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFNTMVZCN4TRTTCAXRLVQ7H2P7FYAIZQ/"
},
{
"name": "[oss-security] 20210930 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/01/1"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221124-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3403",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365"
},
{
"url": "https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9"
},
{
"name": "FEDORA-2021-5fa81a2b04",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4/"
},
{
"name": "FEDORA-2021-4a43cbe0b4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ/"
},
{
"name": "FEDORA-2021-e982f972f2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFNTMVZCN4TRTTCAXRLVQ7H2P7FYAIZQ/"
},
{
"name": "[oss-security] 20210930 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/01/1"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221124-0003/"
}
],
"source": {
"advisory": "016ad2f2-07c1-4d14-a8ce-6eed10729365",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3770",
"datePublished": "2021-09-06T00:00:00",
"dateReserved": "2021-09-05T00:00:00",
"dateUpdated": "2024-08-03T17:09:08.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3928
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732"
},
{
"name": "FEDORA-2021-58ab85548d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/"
},
{
"name": "FEDORA-2021-cfadac570a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3582",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Use of Uninitialized Variable"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd"
},
{
"url": "https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732"
},
{
"name": "FEDORA-2021-58ab85548d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/"
},
{
"name": "FEDORA-2021-cfadac570a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "29c3ebd2-d601-481c-bf96-76975369d0cd",
"discovery": "EXTERNAL"
},
"title": "Use of Uninitialized Variable in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3928",
"datePublished": "2021-11-05T00:00:00",
"dateReserved": "2021-11-04T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2862
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0221",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0221."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765"
},
{
"url": "https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "71180988-1ab6-4311-bca8-e9a879b06765",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2862",
"datePublished": "2022-08-17T00:00:00",
"dateReserved": "2022-08-16T00:00:00",
"dateUpdated": "2024-08-03T00:52:59.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0316
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937 | x_refsource_CONFIRM | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/33447 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2009/01/26/2 | mailing-list, x_refsource_MLIST | |
| http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html | mailing-list, x_refsource_MLIST | |
| https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045 | x_refsource_CONFIRM | |
| http://support.apple.com/kb/HT4077 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:047 | vendor-advisory, x_refsource_MANDRIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48275 | vdb-entry, x_refsource_XF | |
| https://bugzilla.redhat.com/show_bug.cgi?id=481565 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
},
{
"name": "33447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33447"
},
{
"name": "[oss-security] 20090126 CVE request -- Python \u003c 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "MDVSA-2009:047",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
},
{
"name": "vim-pysyssetargv-privilege-escalation(48275)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
},
{
"name": "33447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33447"
},
{
"name": "[oss-security] 20090126 CVE request -- Python \u003c 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "MDVSA-2009:047",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
},
{
"name": "vim-pysyssetargv-privilege-escalation(48275)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
},
{
"name": "33447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33447"
},
{
"name": "[oss-security] 20090126 CVE request -- Python \u003c 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
"refsource": "MLIST",
"url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
},
{
"name": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045",
"refsource": "CONFIRM",
"url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "MDVSA-2009:047",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
},
{
"name": "vim-pysyssetargv-privilege-escalation(48275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=481565",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0316",
"datePublished": "2009-01-28T11:00:00",
"dateReserved": "2009-01-27T00:00:00",
"dateUpdated": "2024-08-07T04:31:25.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5953
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201706-26 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/96217 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3786 | vendor-advisory, x_refsource_DEBIAN | |
| https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d | x_refsource_CONFIRM | |
| https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4016-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4309-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201706-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-26"
},
{
"name": "96217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96217"
},
{
"name": "DSA-3786",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY"
},
{
"name": "USN-4016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4016-1/"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201706-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-26"
},
{
"name": "96217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96217"
},
{
"name": "DSA-3786",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY"
},
{
"name": "USN-4016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4016-1/"
},
{
"name": "USN-4309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4309-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201706-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-26"
},
{
"name": "96217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96217"
},
{
"name": "DSA-3786",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3786"
},
{
"name": "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d",
"refsource": "CONFIRM",
"url": "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d"
},
{
"name": "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY"
},
{
"name": "USN-4016-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4016-1/"
},
{
"name": "USN-4309-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5953",
"datePublished": "2017-02-10T06:51:00",
"dateReserved": "2017-02-10T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5344
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4W665GQBN6S6ZDMYWVF4X7KMFI7AQKJL/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOXBUJLJ5VSPN3YXWN7XZA4JDYKNE7GZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214038"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214037"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1969",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T19:20:30.352Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf"
},
{
"url": "https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4W665GQBN6S6ZDMYWVF4X7KMFI7AQKJL/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOXBUJLJ5VSPN3YXWN7XZA4JDYKNE7GZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/"
},
{
"url": "https://support.apple.com/kb/HT214038"
},
{
"url": "https://support.apple.com/kb/HT214036"
},
{
"url": "https://support.apple.com/kb/HT214037"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/10"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/11"
}
],
"source": {
"advisory": "530cb762-899e-48d7-b50e-dad09eb775bf",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5344",
"datePublished": "2023-10-02T19:20:30.352Z",
"dateReserved": "2023-10-02T19:20:20.807Z",
"dateUpdated": "2024-08-02T07:52:08.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1154
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5"
},
{
"name": "FEDORA-2022-d776fcfe60",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"name": "FEDORA-2022-e62adccfca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4646",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425"
},
{
"url": "https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5"
},
{
"name": "FEDORA-2022-d776fcfe60",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"name": "FEDORA-2022-e62adccfca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "7f0ec6bc-ea0e-45b0-8128-caac72d23425",
"discovery": "EXTERNAL"
},
"title": "Use after free in utf_ptr2char in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1154",
"datePublished": "2022-03-30T00:00:00",
"dateReserved": "2022-03-29T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2285
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736"
},
{
"url": "https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "64574b28-1779-458d-a221-06c434042736",
"discovery": "EXTERNAL"
},
"title": "Integer Overflow or Wraparound in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2285",
"datePublished": "2022-07-02T00:00:00",
"dateReserved": "2022-07-01T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0156
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/ | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2022/01/15/1 | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/ | vendor-advisory, x_refsource_FEDORA | |
| https://support.apple.com/kb/HT213183 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2022/Mar/29 | mailing-list, x_refsource_FULLDISC | |
| https://support.apple.com/kb/HT213344 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2022/Jul/13 | mailing-list, x_refsource_FULLDISC | |
| https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f"
},
{
"name": "FEDORA-2022-20e66c6698",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213344"
},
{
"name": "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/13"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Use After Free"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T05:08:55",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f"
},
{
"name": "FEDORA-2022-20e66c6698",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213344"
},
{
"name": "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/13"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"source": {
"advisory": "47dded34-3767-4725-8c7c-9dcb68c70b36",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0156",
"STATE": "PUBLIC",
"TITLE": "Use After Free in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Use After Free"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36"
},
{
"name": "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f"
},
{
"name": "FEDORA-2022-20e66c6698",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "FEDORA-2022-48b86d586f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"name": "https://support.apple.com/kb/HT213183",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213183"
},
{
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"name": "https://support.apple.com/kb/HT213344",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213344"
},
{
"name": "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/13"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
}
]
},
"source": {
"advisory": "47dded34-3767-4725-8c7c-9dcb68c70b36",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0156",
"datePublished": "2022-01-10T15:26:33",
"dateReserved": "2022-01-08T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3076
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.html"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "30115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "netrw-multiple-code-execution(43624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.html"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "30115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "netrw-multiple-code-execution(43624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "http://www.rdancer.org/vulnerablevim-netrw.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-netrw.html"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "30115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30115"
},
{
"name": "http://www.rdancer.org/vulnerablevim-netrw.v2.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "netrw-multiple-code-execution(43624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3076",
"datePublished": "2009-02-21T22:00:00",
"dateReserved": "2008-07-08T00:00:00",
"dateUpdated": "2024-08-07T09:21:35.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0318
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-15T13:08:06.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241115-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08"
},
{
"url": "https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
}
],
"source": {
"advisory": "0d10ba02-b138-4e68-a284-67f781a62d08",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0318",
"datePublished": "2022-01-21T00:00:00",
"dateReserved": "2022-01-20T00:00:00",
"dateUpdated": "2024-11-15T13:08:06.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2286
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8"
},
{
"url": "https://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c"
},
{
"name": "FEDORA-2022-b06fbea2c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/"
},
{
"name": "FEDORA-2022-9d7a58e376",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "fe7681fb-2318-436b-8e65-daf66cd597d8",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2286",
"datePublished": "2022-07-02T00:00:00",
"dateReserved": "2022-07-01T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0359
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "a3192d90-4f82-4a67-b7a6-37046cc88def",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0359",
"datePublished": "2022-01-26T00:00:00",
"dateReserved": "2022-01-25T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0554
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823 Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71"
},
{
"url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71",
"discovery": "EXTERNAL"
},
"title": "Use of Out-of-range Pointer Offset in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0554",
"datePublished": "2022-02-10T00:00:00",
"dateReserved": "2022-02-09T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3903
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/ | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2022/01/15/1 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43"
},
{
"name": "FEDORA-2021-af135cabe2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/"
},
{
"name": "FEDORA-2021-a5e55a9e02",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.3564",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T14:06:19",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43"
},
{
"name": "FEDORA-2021-af135cabe2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/"
},
{
"name": "FEDORA-2021-a5e55a9e02",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
}
],
"source": {
"advisory": "35738a4f-55ce-446c-b836-2fb0b39625f8",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3903",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.3564"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vim is vulnerable to Heap-based Buffer Overflow"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8"
},
{
"name": "https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43"
},
{
"name": "FEDORA-2021-af135cabe2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/"
},
{
"name": "FEDORA-2021-a5e55a9e02",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/"
},
{
"name": "FEDORA-2021-b0ac29efb1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"
},
{
"name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"name": "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
}
]
},
"source": {
"advisory": "35738a4f-55ce-446c-b836-2fb0b39625f8",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3903",
"datePublished": "2021-10-27T21:00:13",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1725
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:58.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4959",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c"
},
{
"url": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "4363cf07-233e-4d0a-a1d5-c731a400525c",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1725",
"datePublished": "2022-05-16T00:00:00",
"dateReserved": "2022-05-15T00:00:00",
"dateUpdated": "2024-08-03T00:16:58.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4677
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:21.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30670"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "31464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31464"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461750"
},
{
"name": "[vim_dev] 20080817 Re: Anyone fixing SA31464?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/16/2"
},
{
"name": "20080812 Vim: Netrw: FTP User Name and Password Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495436"
},
{
"name": "ADV-2008-2379",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2379"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20081006 CVE request - (vim : netrw plugin - ftp user credentials disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/06/4"
},
{
"name": "20080812 Re: Vim: Netrw: FTP User Name and Password Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495432"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html"
},
{
"name": "vim-netrw-ftp-information-disclosure(44419)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating \"I\u0027m assuming that they\u0027re using the same id and password on that unchanged hostname, deliberately.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30670"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "31464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31464"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461750"
},
{
"name": "[vim_dev] 20080817 Re: Anyone fixing SA31464?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/16/2"
},
{
"name": "20080812 Vim: Netrw: FTP User Name and Password Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495436"
},
{
"name": "ADV-2008-2379",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2379"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20081006 CVE request - (vim : netrw plugin - ftp user credentials disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/06/4"
},
{
"name": "20080812 Re: Vim: Netrw: FTP User Name and Password Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495432"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html"
},
{
"name": "vim-netrw-ftp-information-disclosure(44419)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating \"I\u0027m assuming that they\u0027re using the same id and password on that unchanged hostname, deliberately.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30670"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "31464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31464"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=461750",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461750"
},
{
"name": "[vim_dev] 20080817 Re: Anyone fixing SA31464?",
"refsource": "MLIST",
"url": "http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/16/2"
},
{
"name": "20080812 Vim: Netrw: FTP User Name and Password Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495436"
},
{
"name": "ADV-2008-2379",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2379"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20081006 CVE request - (vim : netrw plugin - ftp user credentials disclosure)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/06/4"
},
{
"name": "20080812 Re: Vim: Netrw: FTP User Name and Password Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495432"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html"
},
{
"name": "vim-netrw-ftp-information-disclosure(44419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4677",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:21.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1127
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c"
},
{
"name": "FEDORA-2023-27958e9307",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDVN5HSWPNVP4QXBPCEGZDLZKURLJWTE/"
},
{
"name": "FEDORA-2023-ccf283d7e1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ6TMKKBXHGVUHWFGM4X46VIJO7ZAG2W/"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1367",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide By Zero in GitHub repository vim/vim prior to 9.0.1367."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb"
},
{
"url": "https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c"
},
{
"name": "FEDORA-2023-27958e9307",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDVN5HSWPNVP4QXBPCEGZDLZKURLJWTE/"
},
{
"name": "FEDORA-2023-ccf283d7e1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ6TMKKBXHGVUHWFGM4X46VIJO7ZAG2W/"
},
{
"name": "FEDORA-2023-030318ca00",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/"
}
],
"source": {
"advisory": "2d4d309e-4c96-415f-9070-36d0815f1beb",
"discovery": "EXTERNAL"
},
"title": "Divide By Zero in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1127",
"datePublished": "2023-03-01T00:00:00",
"dateReserved": "2023-03-01T00:00:00",
"dateUpdated": "2024-08-02T05:32:46.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4293
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230203-0007/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0804",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1077",
"description": "CWE-1077 Floating Point Comparison with Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143"
},
{
"url": "https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230203-0007/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "385a835f-6e33-4d00-acce-ac99f3939143",
"discovery": "EXTERNAL"
},
"title": "Floating Point Comparison with Incorrect Operator in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4293",
"datePublished": "2022-12-05T00:00:00",
"dateReserved": "2022-12-05T00:00:00",
"dateUpdated": "2024-08-03T01:34:50.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0629
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc"
},
{
"name": "FEDORA-2022-8622ebdebb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877"
},
{
"url": "https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc"
},
{
"name": "FEDORA-2022-8622ebdebb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/"
},
{
"name": "FEDORA-2022-48bf3cb1c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
}
],
"source": {
"advisory": "95e2b0da-e480-4ee8-9324-a93a2ab0a877",
"discovery": "EXTERNAL"
},
"title": "Stack-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0629",
"datePublished": "2022-02-17T00:00:00",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3297
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0579",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.0579."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c"
},
{
"url": "https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "1aa9ec92-0355-4710-bf85-5bce9effa01c",
"discovery": "EXTERNAL"
},
"title": "Use After Free in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3297",
"datePublished": "2022-09-25T00:00:00",
"dateReserved": "2022-09-24T00:00:00",
"dateUpdated": "2024-08-03T01:07:06.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202202-0070
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4359"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0572",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0572",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-414804",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0572",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0572",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0572",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0572",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0572",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0572",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1139",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414804",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0572",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0572",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-11175",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-414804",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0572",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"id": "VAR-202202-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:33:44.570000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "retab Apple Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"title": "Vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183395"
},
{
"title": "Red Hat: CVE-2022-0572",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0572"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4goy5ywtp5quy2eflcl7auwa2cv57c37/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4goy5ywtp5quy2eflcl7auwa2cv57c37/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0572"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2405"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-ex-retab-37585"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169561/apple-security-advisory-2022-10-27-5.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-414804"
},
{
"date": "2022-02-14T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"date": "2023-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"date": "2022-02-14T12:15:23.060000",
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-414804"
},
{
"date": "2022-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"date": "2023-06-07T05:48:00",
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"date": "2024-11-21T06:38:56.540000",
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
}
],
"trust": 0.6
}
}
var-202206-1148
Vulnerability from variot
Use After Free in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a security vulnerability in versions prior to Vim 8.2, which stems from a reuse-after-free issue in the application. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-6557-1 December 14, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725)
It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)
It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886)
It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000)
It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042)
It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231)
It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)
It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237)
It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: vim 2:9.0.1672-1ubuntu2.2 vim-athena 2:9.0.1672-1ubuntu2.2 vim-gtk3 2:9.0.1672-1ubuntu2.2 vim-nox 2:9.0.1672-1ubuntu2.2 vim-tiny 2:9.0.1672-1ubuntu2.2 xxd 2:9.0.1672-1ubuntu2.2
Ubuntu 23.04: vim 2:9.0.1000-4ubuntu3.3 vim-athena 2:9.0.1000-4ubuntu3.3 vim-gtk3 2:9.0.1000-4ubuntu3.3 vim-nox 2:9.0.1000-4ubuntu3.3 vim-tiny 2:9.0.1000-4ubuntu3.3 xxd 2:9.0.1000-4ubuntu3.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.15 vim-athena 2:8.2.3995-1ubuntu2.15 vim-gtk 2:8.2.3995-1ubuntu2.15 vim-gtk3 2:8.2.3995-1ubuntu2.15 vim-nox 2:8.2.3995-1ubuntu2.15 vim-tiny 2:8.2.3995-1ubuntu2.15 xxd 2:8.2.3995-1ubuntu2.15
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.21 vim-athena 2:8.1.2269-1ubuntu5.21 vim-gtk 2:8.1.2269-1ubuntu5.21 vim-gtk3 2:8.1.2269-1ubuntu5.21 vim-nox 2:8.1.2269-1ubuntu5.21 vim-tiny 2:8.1.2269-1ubuntu5.21 xxd 2:8.1.2269-1ubuntu5.21
Ubuntu 18.04 LTS (Available with Ubuntu Pro): vim 2:8.0.1453-1ubuntu1.13+esm7 vim-athena 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk3 2:8.0.1453-1ubuntu1.13+esm7 vim-nox 2:8.0.1453-1ubuntu1.13+esm7 vim-tiny 2:8.0.1453-1ubuntu1.13+esm7 xxd 2:8.0.1453-1ubuntu1.13+esm7
Ubuntu 16.04 LTS (Available with Ubuntu Pro): vim 2:7.4.1689-3ubuntu1.5+esm22 vim-athena 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm22 vim-nox 2:7.4.1689-3ubuntu1.5+esm22 vim-tiny 2:7.4.1689-3ubuntu1.5+esm22
Ubuntu 14.04 LTS (Available with Ubuntu Pro): vim 2:7.4.052-1ubuntu3.1+esm15 vim-athena 2:7.4.052-1ubuntu3.1+esm15 vim-gtk 2:7.4.052-1ubuntu3.1+esm15 vim-nox 2:7.4.052-1ubuntu3.1+esm15 vim-tiny 2:7.4.052-1ubuntu3.1+esm15
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5072"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"db": "NVD",
"id": "CVE-2022-2042"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167585"
},
{
"db": "PACKETSTORM",
"id": "176249"
}
],
"trust": 0.2
},
"cve": "CVE-2022-2042",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-2042",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-424840",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-2042",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2042",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2022-2042",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2042",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2042",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-2042",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2042",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1020",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-424840",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-2042",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424840"
},
{
"db": "VULMON",
"id": "CVE-2022-2042"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1020"
},
{
"db": "NVD",
"id": "CVE-2022-2042"
},
{
"db": "NVD",
"id": "CVE-2022-2042"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use After Free in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a security vulnerability in versions prior to Vim 8.2, which stems from a reuse-after-free issue in the application. If an attacker could trick a \nuser into opening a specially crafted file, it could cause Vim to crash. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-6557-1\nDecember 14, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 23.04\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 14.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to dereference invalid memory. An\nattacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1725)\n\nIt was discovered that Vim could be made to recurse infinitely. An\nattacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)\n\nIt was discovered that Vim could be made to write out of bounds with a put\ncommand. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-1886)\n\nIt was discovered that Vim could be made to write out of bounds. An\nattacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu\n18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897,\nCVE-2022-2000)\n\nIt was discovered that Vim did not properly manage memory in the spell\ncommand. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-2042)\n\nIt was discovered that Vim did not properly manage memory. An attacker\ncould possibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2023-46246, CVE-2023-48231)\n\nIt was discovered that Vim could be made to divide by zero. An attacker\ncould possibly use this issue to cause a denial of service. This issue\nonly affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)\n\nIt was discovered that Vim contained multiple arithmetic overflows. An\nattacker could possibly use these issues to cause a denial of service. \n(CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236,\nCVE-2023-48237)\n\nIt was discovered that Vim did not properly manage memory in the\nsubstitute command. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n vim 2:9.0.1672-1ubuntu2.2\n vim-athena 2:9.0.1672-1ubuntu2.2\n vim-gtk3 2:9.0.1672-1ubuntu2.2\n vim-nox 2:9.0.1672-1ubuntu2.2\n vim-tiny 2:9.0.1672-1ubuntu2.2\n xxd 2:9.0.1672-1ubuntu2.2\n\nUbuntu 23.04:\n vim 2:9.0.1000-4ubuntu3.3\n vim-athena 2:9.0.1000-4ubuntu3.3\n vim-gtk3 2:9.0.1000-4ubuntu3.3\n vim-nox 2:9.0.1000-4ubuntu3.3\n vim-tiny 2:9.0.1000-4ubuntu3.3\n xxd 2:9.0.1000-4ubuntu3.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.15\n vim-athena 2:8.2.3995-1ubuntu2.15\n vim-gtk 2:8.2.3995-1ubuntu2.15\n vim-gtk3 2:8.2.3995-1ubuntu2.15\n vim-nox 2:8.2.3995-1ubuntu2.15\n vim-tiny 2:8.2.3995-1ubuntu2.15\n xxd 2:8.2.3995-1ubuntu2.15\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.21\n vim-athena 2:8.1.2269-1ubuntu5.21\n vim-gtk 2:8.1.2269-1ubuntu5.21\n vim-gtk3 2:8.1.2269-1ubuntu5.21\n vim-nox 2:8.1.2269-1ubuntu5.21\n vim-tiny 2:8.1.2269-1ubuntu5.21\n xxd 2:8.1.2269-1ubuntu5.21\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n vim 2:8.0.1453-1ubuntu1.13+esm7\n vim-athena 2:8.0.1453-1ubuntu1.13+esm7\n vim-gtk 2:8.0.1453-1ubuntu1.13+esm7\n vim-gtk3 2:8.0.1453-1ubuntu1.13+esm7\n vim-nox 2:8.0.1453-1ubuntu1.13+esm7\n vim-tiny 2:8.0.1453-1ubuntu1.13+esm7\n xxd 2:8.0.1453-1ubuntu1.13+esm7\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n vim 2:7.4.1689-3ubuntu1.5+esm22\n vim-athena 2:7.4.1689-3ubuntu1.5+esm22\n vim-gtk 2:7.4.1689-3ubuntu1.5+esm22\n vim-gtk3 2:7.4.1689-3ubuntu1.5+esm22\n vim-nox 2:7.4.1689-3ubuntu1.5+esm22\n vim-tiny 2:7.4.1689-3ubuntu1.5+esm22\n\nUbuntu 14.04 LTS (Available with Ubuntu Pro):\n vim 2:7.4.052-1ubuntu3.1+esm15\n vim-athena 2:7.4.052-1ubuntu3.1+esm15\n vim-gtk 2:7.4.052-1ubuntu3.1+esm15\n vim-nox 2:7.4.052-1ubuntu3.1+esm15\n vim-tiny 2:7.4.052-1ubuntu3.1+esm15\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2042"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"db": "VULHUB",
"id": "VHN-424840"
},
{
"db": "VULMON",
"id": "CVE-2022-2042"
},
{
"db": "PACKETSTORM",
"id": "167585"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-424840",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424840"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2042",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167585",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011582",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1020",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3113",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-424840",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2042",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176249",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424840"
},
{
"db": "VULMON",
"id": "CVE-2022-2042"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"db": "PACKETSTORM",
"id": "167585"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1020"
},
{
"db": "NVD",
"id": "CVE-2022-2042"
}
]
},
"id": "VAR-202206-1148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424840"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:06:52.019000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=213462"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2042"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2042"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1020"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424840"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"db": "NVD",
"id": "CVE-2022-2042"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-spell-move-to-38666"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2042/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3113"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167585/ubuntu-security-notice-usn-5492-1.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5492-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6557-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48237"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.15"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48232"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424840"
},
{
"db": "VULMON",
"id": "CVE-2022-2042"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"db": "PACKETSTORM",
"id": "167585"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1020"
},
{
"db": "NVD",
"id": "CVE-2022-2042"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424840"
},
{
"db": "VULMON",
"id": "CVE-2022-2042"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"db": "PACKETSTORM",
"id": "167585"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1020"
},
{
"db": "NVD",
"id": "CVE-2022-2042"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-424840"
},
{
"date": "2022-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2042"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"date": "2022-06-24T15:00:17",
"db": "PACKETSTORM",
"id": "167585"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2023-12-15T15:15:14",
"db": "PACKETSTORM",
"id": "176249"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1020"
},
{
"date": "2022-06-10T19:15:08.813000",
"db": "NVD",
"id": "CVE-2022-2042"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-424840"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2042"
},
{
"date": "2023-08-23T00:22:00",
"db": "JVNDB",
"id": "JVNDB-2022-011582"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1020"
},
{
"date": "2024-11-21T07:00:13.323000",
"db": "NVD",
"id": "CVE-2022-2042"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1020"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011582"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1020"
}
],
"trust": 0.6
}
}
var-202112-2540
Vulnerability from variot
vim is vulnerable to Use After Free. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security updates:
-
object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
Related bugs:
-
RHACM 2.2.11 images (Bugzilla #2029508)
-
ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla
2030859)
- Bugs fixed (https://bugzilla.redhat.com/):
1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2029508 - RHACM 2.2.11 images 2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina
Security Update 2022-005 Catalina addresses the following issues.
APFS Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Calendar Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
Calendar Available for: macOS Catalina Impact: An app may be able to access user-sensitive data Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
CoreText Available for: macOS Catalina Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
FaceTime Available for: macOS Catalina Impact: An app with root privileges may be able to access private information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing
File System Events Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
ICU Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Catalina Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Kernel Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32815: Xinru Chi of Pangu Lab CVE-2022-32813: Xinru Chi of Pangu Lab
libxml2 Available for: macOS Catalina Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Catalina Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Catalina Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Catalina Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Catalina Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Catalina Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: A validation issue in the handling of symlinks was addressed with improved validation of symlinks. CVE-2022-26704: Joshua Mason of Mandiant
TCC Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Vim Available for: macOS Catalina Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128
Wi-Fi Available for: macOS Catalina Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Security Update 2022-005 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuQACgkQeC9qKD1p rhiuNw//V3lvbuk3ZcN4l2+dumbidEYnYD+qrrm+V332BNA9zqn9Uyoy1l9mXY32 qA/UfHpnuZj5F2qjBNinkpV9VlwMZUIZmWfLBrVz3+cF1wrF6RZVFmz05sVsWTCC zB7H9eCPQr/afrTgjf2evIsaCZaqveOP7ZVFV3dOEOpzp/hMUYFWF69mEbYfl2Z1 PlB3bkZPys4fZ3nCq70egWotGl7V4M/9aqGBDQZzAwmcsepeppBaCP1MnDiDiWqA 6m2jVNDDTP/CasfPt1k3jR3aKf7f+ySZozQLyUyMhRpTLnZ1fpEtD5jjwK/hprKW g00gdTOBl7aGAxbKL3xlsxXRGzhzy9n2RVN4duhRKEbDKDShCfRFmCxXGxAGJB7J 96TqA/wy1s7gnlxNzUfJewJMopr3AU4ffhdyOgKV1Is7eRwAhKYlh3K5T6C28Uuj 8TXAqY2qwMqs+jIqe3dGEuPBj83tQMD0xukIhzGtuxwoziiPyzSfrgUHvSK8vBYN NGGfLdHn8ailAYpnFeRxhImxclr59QddI8uzS/G6O9CLJY0jUh3tjCNC3fjIjS6F lD3+P/J/Hf5HFvpvNyw6aJVVYIcGFOQi+RmhVGysMHuGIz4aqc9rTdvbAKdeKpyK 8p0C6S1/sV+pu7morGBm9aSm/rRyDZSVWSA2l/3fRA9mJmrL8Ao= =fcrb -----END PGP SIGNATURE-----
. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Security Fix(es):
-
vim: heap-based buffer overflow in win_redr_status() in drawscreen.c (CVE-2021-3872)
-
vim: illegal memory access in find_start_brace() in cindent.c when C-indenting (CVE-2021-3984)
-
vim: heap-based buffer overflow in find_help_tags() in help.c (CVE-2021-4019)
-
vim: use-after-free in win_linetabsize() (CVE-2021-4192)
-
vim: out-of-bound read in getvcol() (CVE-2021-4193)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update Advisory ID: RHSA-2022:0444-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0444 Issue date: 2022-02-07 CVE Names: CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 CVE-2021-4019 CVE-2021-4104 CVE-2021-4122 CVE-2021-4192 CVE-2021-4193 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 =====================================================================
- Summary:
A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJDK, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
Security Fix(es):
-
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
-
log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
-
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
-
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image, Follow these steps to pull in the content:
- On your master hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global "openshift" project. For example:
$ oc login -u system:admin
- Update the core set of Red Hat Single Sign-On resources for OpenShift in the "openshift" project by running the following commands:
$ for resource in sso74-image-stream.json \ sso74-https.json \ sso74-mysql.json \ sso74-mysql-persistent.json \ sso74-postgresql.json \ sso74-postgresql-persistent.json \ sso74-x509-https.json \ sso74-x509-mysql-persistent.json \ sso74-x509-postgresql-persistent.json do oc replace -n openshift --force -f \ https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.GA/templates/${resource} done
- Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the "openshift" project by running the following commands:
$ oc -n openshift import-image redhat-sso74-openshift:1.0
- Bugs fixed (https://bugzilla.redhat.com/):
2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer
- JIRA issues fixed (https://issues.jboss.org/):
CIAM-2060 - [log4j 1.x] RH-SSO 7.4.10 OCP images for x86
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. This update provides security fixes, fixes bugs, and updates the container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.4.2 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/
Security updates:
-
nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
-
containerd: Unprivileged pod may bind mount any privileged regular file on disk (CVE-2021-43816)
-
minio-go: user privilege escalation in AddUser() admin API (CVE-2021-43858)
-
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
-
fastify-static: open redirect via an URL with double slash followed by a domain (CVE-2021-22963)
-
moby:
docker cpallows unexpected chmod of host file (CVE-2021-41089) -
moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal (CVE-2021-41091)
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
node-fetch: Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0235)
-
nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)
Bug fixes:
-
Trying to create a new cluster on vSphere and no feedback, stuck in "creating" (Bugzilla #1937078)
-
The hyperlink of *ks cluster node cannot be opened when I want to check the node (Bugzilla #2028100)
-
Unable to make SSH connection to a Bitbucket server (Bugzilla #2028196)
-
RHACM cannot deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1) (Bugzilla #2028931)
-
RHACM 2.4.2 images (Bugzilla #2029506)
-
Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0 (Bugzilla #2030005)
-
Namespace left orphaned after destroying the cluster (Bugzilla #2030379)
-
The results filtered through the filter contain some data that should not be present in cluster page (Bugzilla #2034198)
-
Git over ssh doesn't use custom port set in url (Bugzilla #2036057)
-
The value of name label changed from clusterclaim name to cluster name (Bugzilla #2042223)
-
ACM configuration policies do not handle Limitrange or Quotas values (Bugzilla #2042545)
-
Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6 (Bugzilla #2050847)
-
The azure government regions were not list in the region drop down list when creating the cluster (Bugzilla #2051797)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2001668 - [DDF] normally, in the OCP web console, one sees a yaml of the secret, where at the bottom, the following is shown:
2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
2008592 - CVE-2021-41089 moby: docker cp allows unexpected chmod of host file
2012909 - [DDF] We feel it would be beneficial to add a sub-section here referencing the reconcile options available to users when
2015152 - CVE-2021-22963 fastify-static: open redirect via an URL with double slash followed by a domain
2023448 - CVE-2021-41091 moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal
2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability
2028100 - The hyperlink of *ks cluster node can not be opened when I want to check the node
2028196 - Unable to make SSH connection to a Bitbucket server
2028931 - RHACM can not deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1)
2029506 - RHACM 2.4.2 images
2030005 - Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0
2030379 - Namespace left orphaned after destroying the cluster
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2032957 - Missing AWX templates in ACM
2034198 - The results filtered through the filter contain some data that should not be present in cluster page
2036057 - git over ssh doesn't use custom port set in url
2036252 - CVE-2021-43858 minio: user privilege escalation in AddUser() admin API
2039378 - Deploying CRD via Application does not update status in ACM console
2041015 - The base domain did not updated when switch the provider credentials during create the cluster/cluster pool
2042545 - ACM configuration policies do not handle Limitrange or Quotas values
2043519 - "apps.open-cluster-management.io/git-branch" annotation should be mandatory
2044434 - CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2050847 - Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6
2051797 - the azure government regions were not list in the region drop down list when create the cluster
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
- Bugs fixed (https://bugzilla.redhat.com/):
1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 2052539 - CVE-2022-0552 origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2182 - Logging link is not removed when CLO is uninstalled or its instance is removed
- ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6026-1 CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207
Package Information: https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2540",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3949"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4192"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "165930"
},
{
"db": "PACKETSTORM",
"id": "165917"
},
{
"db": "PACKETSTORM",
"id": "166199"
},
{
"db": "PACKETSTORM",
"id": "166179"
}
],
"trust": 0.6
},
"cve": "CVE-2021-4192",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4192",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-410613",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4192",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4192",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4192",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4192",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-410613",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410613"
},
{
"db": "NVD",
"id": "CVE-2021-4192"
},
{
"db": "NVD",
"id": "CVE-2021-4192"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Use After Free. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity updates:\n\n* object-path: Type confusion vulnerability can lead to a bypass of\nCVE-2020-15256 (CVE-2021-23434)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\nRelated bugs: \n\n* RHACM 2.2.11 images (Bugzilla #2029508)\n\n* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla\n#2030859)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256\n2029508 - RHACM 2.2.11 images\n2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina\n\nSecurity Update 2022-005 Catalina addresses the following issues. \n\nAPFS\nAvailable for: macOS Catalina\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Catalina\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security\nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Catalina\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nCalendar\nAvailable for: macOS Catalina\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCalendar\nAvailable for: macOS Catalina\nImpact: An app may be able to access user-sensitive data\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nCoreText\nAvailable for: macOS Catalina\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFaceTime\nAvailable for: macOS Catalina\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32781: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nFile System Events\nAvailable for: macOS Catalina\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nICU\nAvailable for: macOS Catalina\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nKernel\nAvailable for: macOS Catalina\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32815: Xinru Chi of Pangu Lab\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nlibxml2\nAvailable for: macOS Catalina\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nPackageKit\nAvailable for: macOS Catalina\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Catalina\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Catalina\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Catalina\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Catalina\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Catalina\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Catalina\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Catalina\nImpact: An app may be able to gain elevated privileges\nDescription: A validation issue in the handling of symlinks was\naddressed with improved validation of symlinks. \nCVE-2022-26704: Joshua Mason of Mandiant\n\nTCC\nAvailable for: macOS Catalina\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nVim\nAvailable for: macOS Catalina\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\n\nWi-Fi\nAvailable for: macOS Catalina\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nSecurity Update 2022-005 Catalina may be obtained from the Mac App\nStore or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuQACgkQeC9qKD1p\nrhiuNw//V3lvbuk3ZcN4l2+dumbidEYnYD+qrrm+V332BNA9zqn9Uyoy1l9mXY32\nqA/UfHpnuZj5F2qjBNinkpV9VlwMZUIZmWfLBrVz3+cF1wrF6RZVFmz05sVsWTCC\nzB7H9eCPQr/afrTgjf2evIsaCZaqveOP7ZVFV3dOEOpzp/hMUYFWF69mEbYfl2Z1\nPlB3bkZPys4fZ3nCq70egWotGl7V4M/9aqGBDQZzAwmcsepeppBaCP1MnDiDiWqA\n6m2jVNDDTP/CasfPt1k3jR3aKf7f+ySZozQLyUyMhRpTLnZ1fpEtD5jjwK/hprKW\ng00gdTOBl7aGAxbKL3xlsxXRGzhzy9n2RVN4duhRKEbDKDShCfRFmCxXGxAGJB7J\n96TqA/wy1s7gnlxNzUfJewJMopr3AU4ffhdyOgKV1Is7eRwAhKYlh3K5T6C28Uuj\n8TXAqY2qwMqs+jIqe3dGEuPBj83tQMD0xukIhzGtuxwoziiPyzSfrgUHvSK8vBYN\nNGGfLdHn8ailAYpnFeRxhImxclr59QddI8uzS/G6O9CLJY0jUh3tjCNC3fjIjS6F\nlD3+P/J/Hf5HFvpvNyw6aJVVYIcGFOQi+RmhVGysMHuGIz4aqc9rTdvbAKdeKpyK\n8p0C6S1/sV+pu7morGBm9aSm/rRyDZSVWSA2l/3fRA9mJmrL8Ao=\n=fcrb\n-----END PGP SIGNATURE-----\n\n\n. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* vim: heap-based buffer overflow in win_redr_status() in drawscreen.c\n(CVE-2021-3872)\n\n* vim: illegal memory access in find_start_brace() in cindent.c when\nC-indenting (CVE-2021-3984)\n\n* vim: heap-based buffer overflow in find_help_tags() in help.c\n(CVE-2021-4019)\n\n* vim: use-after-free in win_linetabsize() (CVE-2021-4192)\n\n* vim: out-of-bound read in getvcol() (CVE-2021-4193)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update\nAdvisory ID: RHSA-2022:0444-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0444\nIssue date: 2022-02-07\nCVE Names: CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 \n CVE-2021-4019 CVE-2021-4104 CVE-2021-4122 \n CVE-2021-4192 CVE-2021-4193 CVE-2022-21248 \n CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 \n CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 \n CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 \n CVE-2022-21360 CVE-2022-21365 CVE-2022-23302 \n CVE-2022-23305 CVE-2022-23307 \n=====================================================================\n\n1. Summary:\n\nA new image is available for Red Hat Single Sign-On 7.4.10 on OpenJDK,\nrunning on OpenShift Container Platform 3.10 and 3.11, and 4.3. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. \n\nThis erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use\nwithin the OpenShift Container Platform 3.10, OpenShift Container Platform\n3.11, and within the OpenShift Container Platform 4.3 cloud computing\nPlatform-as-a-Service (PaaS) for on-premise or private cloud deployments,\naligning with the standalone product release. \n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use\nJDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer\n(CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSAppender (CVE-2021-4104)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image,\nFollow these steps to pull in the content:\n\n1. On your master hosts, ensure you are logged into the CLI as a cluster\nadministrator or user with project administrator access to the global\n\"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift in\nthe \"openshift\" project by running the following commands:\n\n$ for resource in sso74-image-stream.json \\ sso74-https.json \\\nsso74-mysql.json \\ sso74-mysql-persistent.json \\ sso74-postgresql.json \\\nsso74-postgresql-persistent.json \\ sso74-x509-https.json \\\nsso74-x509-mysql-persistent.json \\ sso74-x509-postgresql-persistent.json do\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso74-openshift:1.0\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nCIAM-2060 - [log4j 1.x] RH-SSO 7.4.10 OCP images for x86\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. This update provides security fixes, fixes bugs, and\nupdates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* containerd: Unprivileged pod may bind mount any privileged regular file\non disk (CVE-2021-43816)\n\n* minio-go: user privilege escalation in AddUser() admin API\n(CVE-2021-43858)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching\nANSI escape codes (CVE-2021-3807)\n\n* fastify-static: open redirect via an URL with double slash followed by a\ndomain (CVE-2021-22963)\n\n* moby: `docker cp` allows unexpected chmod of host file (CVE-2021-41089)\n\n* moby: data directory contains subdirectories with insufficiently\nrestricted permissions, which could lead to directory traversal\n(CVE-2021-41091)\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* node-fetch: Exposure of Sensitive Information to an Unauthorized Actor\n(CVE-2022-0235)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\nBug fixes:\n\n* Trying to create a new cluster on vSphere and no feedback, stuck in\n\"creating\" (Bugzilla #1937078)\n\n* The hyperlink of *ks cluster node cannot be opened when I want to check\nthe node (Bugzilla #2028100)\n\n* Unable to make SSH connection to a Bitbucket server (Bugzilla #2028196)\n\n* RHACM cannot deploy Helm Charts with version numbers starting with\nletters (e.g. v1.6.1) (Bugzilla #2028931)\n\n* RHACM 2.4.2 images (Bugzilla #2029506)\n\n* Git Application still appears in Application Table and Resources are\nStill Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0\n(Bugzilla #2030005)\n\n* Namespace left orphaned after destroying the cluster (Bugzilla #2030379)\n\n* The results filtered through the filter contain some data that should not\nbe present in cluster page (Bugzilla #2034198)\n\n* Git over ssh doesn\u0027t use custom port set in url (Bugzilla #2036057)\n\n* The value of name label changed from clusterclaim name to cluster name\n(Bugzilla #2042223)\n\n* ACM configuration policies do not handle Limitrange or Quotas values\n(Bugzilla #2042545)\n\n* Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6\n(Bugzilla #2050847)\n\n* The azure government regions were not list in the region drop down list\nwhen creating the cluster (Bugzilla #2051797)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2001668 - [DDF] normally, in the OCP web console, one sees a yaml of the secret, where at the bottom, the following is shown:\n2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes\n2008592 - CVE-2021-41089 moby: `docker cp` allows unexpected chmod of host file\n2012909 - [DDF] We feel it would be beneficial to add a sub-section here referencing the reconcile options available to users when\n2015152 - CVE-2021-22963 fastify-static: open redirect via an URL with double slash followed by a domain\n2023448 - CVE-2021-41091 moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal\n2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability\n2028100 - The hyperlink of *ks cluster node can not be opened when I want to check the node\n2028196 - Unable to make SSH connection to a Bitbucket server\n2028931 - RHACM can not deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1)\n2029506 - RHACM 2.4.2 images\n2030005 - Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0\n2030379 - Namespace left orphaned after destroying the cluster\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032957 - Missing AWX templates in ACM\n2034198 - The results filtered through the filter contain some data that should not be present in cluster page\n2036057 - git over ssh doesn\u0027t use custom port set in url\n2036252 - CVE-2021-43858 minio: user privilege escalation in AddUser() admin API\n2039378 - Deploying CRD via Application does not update status in ACM console\n2041015 - The base domain did not updated when switch the provider credentials during create the cluster/cluster pool\n2042545 - ACM configuration policies do not handle Limitrange or Quotas values\n2043519 - \"apps.open-cluster-management.io/git-branch\" annotation should be mandatory\n2044434 - CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050847 - Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6\n2051797 - the azure government regions were not list in the region drop down list when create the cluster\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception\n2052539 - CVE-2022-0552 origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2182 - Logging link is not removed when CLO is uninstalled or its instance is removed\n\n6. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6026-1\n CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213,\n CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351,\n CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408,\n CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629,\n CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4192"
},
{
"db": "VULHUB",
"id": "VHN-410613"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "165930"
},
{
"db": "PACKETSTORM",
"id": "165917"
},
{
"db": "PACKETSTORM",
"id": "166199"
},
{
"db": "PACKETSTORM",
"id": "166179"
},
{
"db": "PACKETSTORM",
"id": "171934"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-410613",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410613"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4192",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165813",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166199",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166179",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165930",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165917",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165902",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167242",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166204",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-410613",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410613"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "165930"
},
{
"db": "PACKETSTORM",
"id": "165917"
},
{
"db": "PACKETSTORM",
"id": "166199"
},
{
"db": "PACKETSTORM",
"id": "166179"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "NVD",
"id": "CVE-2021-4192"
}
]
},
"id": "VAR-202112-2540",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-410613"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T19:32:09.382000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410613"
},
{
"db": "NVD",
"id": "CVE-2021-4192"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.1,
"url": "https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 1.1,
"url": "https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-4019"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-4192"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3984"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-4193"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3872"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4122"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0185"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21248"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21296"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21282"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21294"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21282"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21248"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21294"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23302"
},
{
"trust": 0.1,
"url": "https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.ga/templates/${resource}"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22963"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41089"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41089"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0552"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0552"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410613"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "165930"
},
{
"db": "PACKETSTORM",
"id": "165917"
},
{
"db": "PACKETSTORM",
"id": "166199"
},
{
"db": "PACKETSTORM",
"id": "166179"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "NVD",
"id": "CVE-2021-4192"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-410613"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "165930"
},
{
"db": "PACKETSTORM",
"id": "165917"
},
{
"db": "PACKETSTORM",
"id": "166199"
},
{
"db": "PACKETSTORM",
"id": "166179"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "NVD",
"id": "CVE-2021-4192"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-410613"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-03-15T15:44:21",
"db": "PACKETSTORM",
"id": "166309"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2022-02-02T16:48:00",
"db": "PACKETSTORM",
"id": "165813"
},
{
"date": "2022-02-09T16:20:47",
"db": "PACKETSTORM",
"id": "165930"
},
{
"date": "2022-02-09T16:10:33",
"db": "PACKETSTORM",
"id": "165917"
},
{
"date": "2022-03-04T16:03:16",
"db": "PACKETSTORM",
"id": "166199"
},
{
"date": "2022-03-02T16:50:31",
"db": "PACKETSTORM",
"id": "166179"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2021-12-31T15:15:08.560000",
"db": "NVD",
"id": "CVE-2021-4192"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-410613"
},
{
"date": "2024-11-21T06:37:06.850000",
"db": "NVD",
"id": "CVE-2021-4192"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165917"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo Linux Security Advisory 202208-32",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "PACKETSTORM",
"id": "171934"
}
],
"trust": 0.2
}
}
var-202205-0855
Vulnerability from variot
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0.
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint
2042652 - Unable to deploy hw-event-proxy operator
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047308 - Remove metrics and events for master port offsets
2055049 - No pre-caching for NFD images
2055436 - nfd-master tracking the wrong api group
2055439 - nfd-master tracking the wrong api group (operand)
2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules
2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag
2062849 - hw event proxy is not binding on ipv6 local address
2066860 - Wrong spec in NFD documentation under operand
2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2067312 - PPT event source is lost when received by the consumer
2077243 - NFD os release label lost after upgrade to ocp 4.10.6
2087511 - NFD SkipRange is wrong causing OLM install problems
2089962 - Node feature Discovery operator installation failed.
2090774 - Add Readme to plugin directory
2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security update:
- nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)
Bug fixes:
-
Can't install submariner add-ons from UI on unsupported cloud provider (BZ# 2087686)
-
policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub (BZ# 2088270)
-
RHACM 2.5.1 images (BZ# 2090802)
-
Broken link to Submariner manual install instructions (BZ# 2095333)
-
The backend service is unavailablewhen accessing ACM 2.5 Overview page (BZ# 2096389) -
64 character length causing clusters to unsubscribe (BZ# 2101453)
-
Bugs fixed (https://bugzilla.redhat.com/):
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
2087686 - Can't install submariner add-ons from UI on unsupported cloud provider
2088270 - policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub
2090802 - RHACM 2.5.1 images
2095333 - Broken link to Submariner manual install instructions
2096389 - The backend service is unavailable when accessing ACM 2.5 Overview page
2101453 - 64 character length causing clusters to unsubscribe
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ACS 3.71 enhancement and security update Advisory ID: RHSA-2022:5704-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2022:5704 Issue date: 2022-07-25 CVE Names: CVE-2021-40528 CVE-2022-1621 CVE-2022-1629 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-29173 CVE-2022-29824 ==================================================================== 1. Summary:
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Release of ACS 3.71 provides these changes:
Security Fix(es):
- go-tuf: No protection against rollback attacks for roles other than root (CVE-2022-29173)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
New Features:
- New RHACS dashboard and widgets
- New default policy for privilege escalation: detects if a deployment is running with a container that has allowPrivilegeEscalation set to true. This policy is enabled by default. The privilege escalation setting is enabled in Kubernetes pods by default.
- New default policy for externally exposed service: detects if a deployment has any service that is externally exposed through any methods. The policy is disabled by default.
- Ability to assign multiple RHACS roles to users and groups: Allows you to assign multiple roles using key-value pairs to a single user or group.
- List of network policies in Deployment tab for violations: A new information section has been added to help resolve a "missing Kubernetes network policy" violation that lists all the Kubernetes network policies applicable to the namespace of the offending deployment.
- Alpine 3.16 support for Scanner
Enhancements: * Change to roxctl image scan behavior: The default value for the - --include-snoozed option of the roxctl image scan command is set to false. If the --include-snoozed option is set to false, the scan does not include snoozed CVEs. * Diagnostic bundles update: These now include notifiers, auth providers and auth provider groups, access control roles with attached permission set and access scope, and system configuration information. Users with the DebugLogs permission can read listed entities from a generated diagnostic bundle regardless of their respective permissions. * Align OCP4-CIS scanning benchmarks control numbers: The CIS control number has been added to compliance scan results to enable customers to reference the original control from the CIS benchmark standard.
Notable technical changes: * eBPF is now the default collection method: Updated the default collection method for Collector to eBPF.
Deprecated features:
- RenamePolicyCategory and DeletePolicyCategory API endpoints
- Permissions: AuthPlugin, AuthProvider, Group, Licenses, Role, User, Indicator, NetworkBaseline, ProcessWhitelist, Risk, APIToken, BackupPlugins, ImageIntegration, Notifier, SignatureIntegration, ImageComponent
- Retrieving groups by property
- vulns fields of storage.Node object in response payload of v1/nodes
- /v1/cves/suppress and /v1/cves/unsuppress
Removed features:
- Anchore, Tenable, and Docker Trusted Registry integrations
- External authorization plug-in for scoped access control
- FROM option in the Disallowed Dockerfile line policy field
-
PodSecurityPolicy (PSP) Kubernetes objects
-
Solution:
To take advantage of the new features, bug fixes, and enhancements in RHACS 3.71 you are advised to upgrade to RHACS 3.71.0. For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2082400 - CVE-2022-29173 go-tuf: No protection against rollback attacks for roles other than root
- JIRA issues fixed (https://issues.jboss.org/):
ROX-11898 - Release RHACS 3.71.0
- References:
https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-29173 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYuFju9zjgjWX9erEAQiWQw/+OGMhyOtp3q6Ypqpl1hEi3YCkXQOsdzmR V/2ULky7w4rO8xA9u8hZjDtrsxhHmY3PSYv2fRxLAX87d0FJEoUOGJ7JEQT+L+VF 08Zqzz+CRUVBubN27UKdMb8nAZ0S083XleTGd0u/gLTvdejRsfsNvfs+rlOSxv1c mlChC8HXlVg5UH6OAEspZ2P02AZdCgHCnlO5qHQT7BGeFPko4KMXAFf9Hddawffc F9nEC2jDlQ+KXFPTFWIcXnrCE89kQa32QFnks7Tt1RAgG+y2+xJj46LBU/nFeOpJ iu7eLDeKPn4WkmDsLaKIYDtpxXydJhRodnPukQHp4Jxik9HwEwl4L5F4p7bznM6P 6KsihRVrRxfhmHmjm7k43m9u9rNpeey6nrjAKEsZT5wOuNfpgtVAkBrN1fJ4X+tD wEbCeeEXZX1LL2kd8DsUD5Qw4Zs+uaqMqKtuqm9neiEpVOS9/Ktc6hTtt+Cw5l8u XS6NMQZeVl+bTkN6kVzVjSRl2hA5/VWL2Jd9cLjxp3jiIBLpiYZ1Usg8dt0FLgFe 3mQvD7GUMl7nrE4BEF/pwk1tRcEtzZfta5PpqyW2lYX6KXXgwibDND7xv7QXV8GP 2RdFbZC8K+XGCSf/RiD77cH/Uojpto9NnGfnhO3rMeVGnTbUQx57+QEqJLWHfLVQ +tIPRnmepo8=I5j4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- ========================================================================== Ubuntu Security Notice USN-5613-2 September 19, 2022
vim regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
USN-5613-1 caused a regression in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. (CVE-2022-1154)
It was discovered that Vim was not properly performing checks on name of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. (CVE-2022-1420)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.9
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0855",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4919"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1621"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167853"
},
{
"db": "PACKETSTORM",
"id": "167838"
},
{
"db": "PACKETSTORM",
"id": "167984"
}
],
"trust": 0.5
},
"cve": "CVE-2022-1621",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1621",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-419734",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1621",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1621",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1621",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1621",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2826",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419734",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1621",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419734"
},
{
"db": "VULMON",
"id": "CVE-2022-1621"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1621"
},
{
"db": "NVD",
"id": "CVE-2022-1621"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.11.0. \n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint\n2042652 - Unable to deploy hw-event-proxy operator\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047308 - Remove metrics and events for master port offsets\n2055049 - No pre-caching for NFD images\n2055436 - nfd-master tracking the wrong api group\n2055439 - nfd-master tracking the wrong api group (operand)\n2057569 - nfd-worker: drop \u0027custom-\u0027 prefix from matchFeatures custom rules\n2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag\n2062849 - hw event proxy is not binding on ipv6 local address\n2066860 - Wrong spec in NFD documentation under `operand`\n2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2067312 - PPT event source is lost when received by the consumer\n2077243 - NFD os release label lost after upgrade to ocp 4.10.6\n2087511 - NFD SkipRange is wrong causing OLM install problems\n2089962 - Node feature Discovery operator installation failed. \n2090774 - Add Readme to plugin directory\n2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity update:\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\nBug fixes:\n\n* Can\u0027t install submariner add-ons from UI on unsupported cloud provider\n(BZ# 2087686)\n\n* policy controller addons are Progressing status (unhealthy from backend)\non OCP3.11 in ARM hub (BZ# 2088270)\n\n* RHACM 2.5.1 images (BZ# 2090802)\n\n* Broken link to Submariner manual install instructions (BZ# 2095333)\n\n* `The backend service is unavailable` when accessing ACM 2.5 Overview page\n(BZ# 2096389)\n\n* 64 character length causing clusters to unsubscribe (BZ# 2101453)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account\n2087686 - Can\u0027t install submariner add-ons from UI on unsupported cloud provider\n2088270 - policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub\n2090802 - RHACM 2.5.1 images\n2095333 - Broken link to Submariner manual install instructions\n2096389 - `The backend service is unavailable` when accessing ACM 2.5 Overview page\n2101453 - 64 character length causing clusters to unsubscribe\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ACS 3.71 enhancement and security update\nAdvisory ID: RHSA-2022:5704-01\nProduct: RHACS\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5704\nIssue date: 2022-07-25\nCVE Names: CVE-2021-40528 CVE-2022-1621 CVE-2022-1629\n CVE-2022-22576 CVE-2022-25313 CVE-2022-25314\n CVE-2022-27774 CVE-2022-27776 CVE-2022-27782\n CVE-2022-29173 CVE-2022-29824\n====================================================================\n1. Summary:\n\nUpdated images are now available for Red Hat Advanced Cluster Security. The\nupdated image includes bug fixes and feature improvements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRelease of ACS 3.71 provides these changes:\n\nSecurity Fix(es):\n\n* go-tuf: No protection against rollback attacks for roles other than root\n(CVE-2022-29173)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nNew Features:\n\n* New RHACS dashboard and widgets\n* New default policy for privilege escalation: detects if a deployment is\nrunning with a container that has allowPrivilegeEscalation set to true. \nThis policy is enabled by default. The privilege escalation setting is\nenabled in Kubernetes pods by default. \n* New default policy for externally exposed service: detects if a\ndeployment has any service that is externally exposed through any methods. \nThe policy is disabled by default. \n* Ability to assign multiple RHACS roles to users and groups: Allows you to\nassign multiple roles using key-value pairs to a single user or group. \n* List of network policies in Deployment tab for violations: A new\ninformation section has been added to help resolve a \"missing Kubernetes\nnetwork policy\" violation that lists all the Kubernetes network policies\napplicable to the namespace of the offending deployment. \n* Alpine 3.16 support for Scanner\n\nEnhancements:\n* Change to roxctl image scan behavior: The default value for the\n- --include-snoozed option of the roxctl image scan command is set to false. \nIf the --include-snoozed option is set to false, the scan does not include\nsnoozed CVEs. \n* Diagnostic bundles update: These now include notifiers, auth providers\nand auth provider groups, access control roles with attached permission set\nand access scope, and system configuration information. Users with the\nDebugLogs permission can read listed entities from a generated diagnostic\nbundle regardless of their respective permissions. \n* Align OCP4-CIS scanning benchmarks control numbers: The CIS control\nnumber has been added to compliance scan results to enable customers to\nreference the original control from the CIS benchmark standard. \n\nNotable technical changes:\n* eBPF is now the default collection method: Updated the default collection\nmethod for Collector to eBPF. \n\nDeprecated features:\n\n* RenamePolicyCategory and DeletePolicyCategory API endpoints\n* Permissions: AuthPlugin, AuthProvider, Group, Licenses, Role, User,\nIndicator, NetworkBaseline, ProcessWhitelist, Risk, APIToken,\nBackupPlugins, ImageIntegration, Notifier, SignatureIntegration,\nImageComponent\n* Retrieving groups by property\n* vulns fields of storage.Node object in response payload of v1/nodes\n* /v1/cves/suppress and /v1/cves/unsuppress\n\nRemoved features:\n\n* Anchore, Tenable, and Docker Trusted Registry integrations\n* External authorization plug-in for scoped access control\n* FROM option in the Disallowed Dockerfile line policy field\n* PodSecurityPolicy (PSP) Kubernetes objects\n\n3. Solution:\n\nTo take advantage of the new features, bug fixes, and enhancements in RHACS\n3.71 you are advised to upgrade to RHACS 3.71.0. For details on how to\napply this update, which includes the changes described in this advisory,\nrefer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2082400 - CVE-2022-29173 go-tuf: No protection against rollback attacks for roles other than root\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nROX-11898 - Release RHACS 3.71.0\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2022-1621\nhttps://access.redhat.com/security/cve/CVE-2022-1629\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-29173\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYuFju9zjgjWX9erEAQiWQw/+OGMhyOtp3q6Ypqpl1hEi3YCkXQOsdzmR\nV/2ULky7w4rO8xA9u8hZjDtrsxhHmY3PSYv2fRxLAX87d0FJEoUOGJ7JEQT+L+VF\n08Zqzz+CRUVBubN27UKdMb8nAZ0S083XleTGd0u/gLTvdejRsfsNvfs+rlOSxv1c\nmlChC8HXlVg5UH6OAEspZ2P02AZdCgHCnlO5qHQT7BGeFPko4KMXAFf9Hddawffc\nF9nEC2jDlQ+KXFPTFWIcXnrCE89kQa32QFnks7Tt1RAgG+y2+xJj46LBU/nFeOpJ\niu7eLDeKPn4WkmDsLaKIYDtpxXydJhRodnPukQHp4Jxik9HwEwl4L5F4p7bznM6P\n6KsihRVrRxfhmHmjm7k43m9u9rNpeey6nrjAKEsZT5wOuNfpgtVAkBrN1fJ4X+tD\nwEbCeeEXZX1LL2kd8DsUD5Qw4Zs+uaqMqKtuqm9neiEpVOS9/Ktc6hTtt+Cw5l8u\nXS6NMQZeVl+bTkN6kVzVjSRl2hA5/VWL2Jd9cLjxp3jiIBLpiYZ1Usg8dt0FLgFe\n3mQvD7GUMl7nrE4BEF/pwk1tRcEtzZfta5PpqyW2lYX6KXXgwibDND7xv7QXV8GP\n2RdFbZC8K+XGCSf/RiD77cH/Uojpto9NnGfnhO3rMeVGnTbUQx57+QEqJLWHfLVQ\n+tIPRnmepo8=I5j4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. ==========================================================================\nUbuntu Security Notice USN-5613-2\nSeptember 19, 2022\n\nvim regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nUSN-5613-1 caused a regression in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nUSN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that Vim was not properly performing bounds checks\n when executing spell suggestion commands. An attacker could possibly use\n this issue to cause a denial of service or execute arbitrary code. \n (CVE-2022-0943)\n \n It was discovered that Vim was using freed memory when dealing with\n regular expressions through its old regular expression engine. If a user\n were tricked into opening a specially crafted file, an attacker could\n crash the application, leading to a denial of service, or possibly achieve\n code execution. (CVE-2022-1154)\n \n It was discovered that Vim was not properly performing checks on name of\n lambda functions. An attacker could possibly use this issue to cause a\n denial of service. This issue affected only Ubuntu 22.04 LTS. \n (CVE-2022-1420)\n \n It was discovered that Vim was incorrectly performing bounds checks\n when processing invalid commands with composing characters in Ex\n mode. An attacker could possibly use this issue to cause a denial of\n service or execute arbitrary code. (CVE-2022-1616)\n \n It was discovered that Vim was not properly processing latin1 data\n when issuing Ex commands. An attacker could possibly use this issue to\n cause a denial of service or execute arbitrary code. (CVE-2022-1619)\n \n It was discovered that Vim was not properly performing memory\n management when dealing with invalid regular expression patterns in\n buffers. An attacker could possibly use this issue to cause a denial of\n service. (CVE-2022-1620)\n \n It was discovered that Vim was not properly processing invalid bytes\n when performing spell check operations. An attacker could possibly use\n this issue to cause a denial of service or execute arbitrary code. \n (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.9\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1621"
},
{
"db": "VULHUB",
"id": "VHN-419734"
},
{
"db": "VULMON",
"id": "CVE-2022-1621"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167853"
},
{
"db": "PACKETSTORM",
"id": "167838"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "PACKETSTORM",
"id": "168420"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1621",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "167853",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167985",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167778",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167666",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022052018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071342",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070109",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072127",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4601",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3821",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3977",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3554",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3873",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3644",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2826",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167838",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167984",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167644",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167845",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-419734",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1621",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168036",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419734"
},
{
"db": "VULMON",
"id": "CVE-2022-1621"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167853"
},
{
"db": "PACKETSTORM",
"id": "167838"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1621"
}
]
},
"id": "VAR-202205-0855",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419734"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:28:00.157000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193122"
},
{
"title": "Red Hat: Moderate: vim security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225319 - Security Advisory"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1621"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Red Hat: Moderate: ACS 3.71 enhancement and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225704 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.2.13)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225909 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: USN-5460-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5460-1"
},
{
"title": "Red Hat: Moderate: Logging Subsystem 5.4.3 - Red Hat OpenShift security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225556 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.3.10)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225908 - Security Advisory"
},
{
"title": "Red Hat: Important: Release of containers for OSP 16.2.z director operator tech preview",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225673 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225531 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225840 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.11.0 extras and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225070 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226526 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225069 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1621"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2826"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419734"
},
{
"db": "NVD",
"id": "CVE-2022-1621"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072631"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3977"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071342"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167853/red-hat-security-advisory-2022-5531-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070109"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167985/red-hat-security-advisory-2022-5909-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052018"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3226"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3644"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3821"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072127"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-in-vim-strncpy-find-word-38384"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070642"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1621/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3873"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167778/red-hat-security-advisory-2022-5673-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4601"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-34169"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29162"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1706"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18874"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3697"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3697"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5704"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5908"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419734"
},
{
"db": "VULMON",
"id": "CVE-2022-1621"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167853"
},
{
"db": "PACKETSTORM",
"id": "167838"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1621"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419734"
},
{
"db": "VULMON",
"id": "CVE-2022-1621"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167853"
},
{
"db": "PACKETSTORM",
"id": "167838"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1621"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-419734"
},
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1621"
},
{
"date": "2022-08-05T14:52:04",
"db": "PACKETSTORM",
"id": "167985"
},
{
"date": "2022-08-10T15:54:58",
"db": "PACKETSTORM",
"id": "168036"
},
{
"date": "2022-07-27T17:32:40",
"db": "PACKETSTORM",
"id": "167853"
},
{
"date": "2022-07-27T17:26:20",
"db": "PACKETSTORM",
"id": "167838"
},
{
"date": "2022-08-05T14:51:51",
"db": "PACKETSTORM",
"id": "167984"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2826"
},
{
"date": "2022-05-10T14:15:08.460000",
"db": "NVD",
"id": "CVE-2022-1621"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-419734"
},
{
"date": "2022-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1621"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2826"
},
{
"date": "2024-11-21T06:41:06.763000",
"db": "NVD",
"id": "CVE-2022-1621"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2826"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vim Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2826"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2826"
}
],
"trust": 0.6
}
}
var-202206-0213
Vulnerability from variot
Use After Free in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a memory misreference vulnerability in versions before Vim 8.2. The vulnerability is caused by the confusion of the program's instructions responsible for releasing memory. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0213",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5050"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"db": "NVD",
"id": "CVE-2022-1968"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1968",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1968",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-424043",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1968",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1968",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1968",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1968",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1968",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-306",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-424043",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1968",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424043"
},
{
"db": "VULMON",
"id": "CVE-2022-1968"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-306"
},
{
"db": "NVD",
"id": "CVE-2022-1968"
},
{
"db": "NVD",
"id": "CVE-2022-1968"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use After Free in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a memory misreference vulnerability in versions before Vim 8.2. The vulnerability is caused by the confusion of the program\u0027s instructions responsible for releasing memory. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1968"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"db": "VULHUB",
"id": "VHN-424043"
},
{
"db": "VULMON",
"id": "CVE-2022-1968"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167729"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1968",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "167729",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011260",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3347",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070807",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-306",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-46167",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-424043",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1968",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424043"
},
{
"db": "VULMON",
"id": "CVE-2022-1968"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167729"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-306"
},
{
"db": "NVD",
"id": "CVE-2022-1968"
}
]
},
"id": "VAR-202206-0213",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424043"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:30:01.858000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=195750"
},
{
"title": "Ubuntu Security Notice: USN-5507-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5507-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1968"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1968"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-306"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424043"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"db": "NVD",
"id": "CVE-2022-1968"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167729/ubuntu-security-notice-usn-5507-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070807"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1968/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-find-pattern-in-path-38627"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3347"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5507-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424043"
},
{
"db": "VULMON",
"id": "CVE-2022-1968"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167729"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-306"
},
{
"db": "NVD",
"id": "CVE-2022-1968"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424043"
},
{
"db": "VULMON",
"id": "CVE-2022-1968"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167729"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-306"
},
{
"db": "NVD",
"id": "CVE-2022-1968"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-424043"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1968"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-11T14:35:31",
"db": "PACKETSTORM",
"id": "167729"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-306"
},
{
"date": "2022-06-02T14:15:34.390000",
"db": "NVD",
"id": "CVE-2022-1968"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-424043"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1968"
},
{
"date": "2023-08-21T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2022-011260"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-306"
},
{
"date": "2024-11-21T06:41:51.430000",
"db": "NVD",
"id": "CVE-2022-1968"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-306"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011260"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-306"
}
],
"trust": 0.6
}
}
var-202202-0156
Vulnerability from variot
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4397"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0629",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0629",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-415148",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0629",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0629",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0629",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0629",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0629",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0629",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1396",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415148",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0629",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0629",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-13367",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415148",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0629",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"id": "VAR-202202-0156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:22:34.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "crash\u00a0when\u00a0using\u00a0many\u00a0composing\u00a0characters\u00a0in\u00a0error\u00a0message Apple Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"title": "vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183183"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0629"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/uurgabndl77yr5frqktfbynbdqx2ko7q/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/uurgabndl77yr5frqktfbynbdqx2ko7q/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0629"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-ga-concat-shorten-esc-37625"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169561/apple-security-advisory-2022-10-27-5.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1771.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-415148"
},
{
"date": "2022-02-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"date": "2023-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"date": "2022-02-17T12:15:07.810000",
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-415148"
},
{
"date": "2022-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"date": "2023-06-13T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"date": "2022-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"date": "2024-11-21T06:39:04.147000",
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
}
],
"trust": 0.6
}
}
var-202201-0405
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Summary:
The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
- golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
- Bugs fixed (https://bugzilla.redhat.com/):
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
- Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates Advisory ID: RHSA-2022:1083-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:1083 Issue date: 2022-03-28 CVE Names: CVE-2021-0920 CVE-2021-3999 CVE-2021-4154 CVE-2021-23177 CVE-2021-23566 CVE-2021-31566 CVE-2021-45960 CVE-2021-46143 CVE-2022-0144 CVE-2022-0155 CVE-2022-0235 CVE-2022-0261 CVE-2022-0318 CVE-2022-0330 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0413 CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 CVE-2022-0536 CVE-2022-0847 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-22942 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 =====================================================================
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.3.8 General Availability release images, which provide security and container updates.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security updates:
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
Bug fix:
-
RHACM 2.3.8 images (Bugzilla #2062316)
-
Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index
For details on how to apply this update, refer to:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images
- References:
https://access.redhat.com/security/cve/CVE-2021-0920 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-4154 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-23566 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0144 https://access.redhat.com/security/cve/CVE-2022-0155 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0261 https://access.redhat.com/security/cve/CVE-2022-0318 https://access.redhat.com/security/cve/CVE-2022-0330 https://access.redhat.com/security/cve/CVE-2022-0359 https://access.redhat.com/security/cve/CVE-2022-0361 https://access.redhat.com/security/cve/CVE-2022-0392 https://access.redhat.com/security/cve/CVE-2022-0413 https://access.redhat.com/security/cve/CVE-2022-0435 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/cve/CVE-2022-0516 https://access.redhat.com/security/cve/CVE-2022-0536 https://access.redhat.com/security/cve/CVE-2022-0847 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-22942 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4215"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"db": "NVD",
"id": "CVE-2022-0361"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166516"
}
],
"trust": 0.3
},
"cve": "CVE-2022-0361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0361",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-413344",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0361",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0361",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0361",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0361",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0361",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0361",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2451",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-413344",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0361",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413344"
},
{
"db": "VULMON",
"id": "CVE-2022-0361"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2451"
},
{
"db": "NVD",
"id": "CVE-2022-0361"
},
{
"db": "NVD",
"id": "CVE-2022-0361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* golang: net/http/httputil: panic due to racy read of persistConn after\nhandler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates\nAdvisory ID: RHSA-2022:1083-01\nProduct: Red Hat ACM\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1083\nIssue date: 2022-03-28\nCVE Names: CVE-2021-0920 CVE-2021-3999 CVE-2021-4154 \n CVE-2021-23177 CVE-2021-23566 CVE-2021-31566 \n CVE-2021-45960 CVE-2021-46143 CVE-2022-0144 \n CVE-2022-0155 CVE-2022-0235 CVE-2022-0261 \n CVE-2022-0318 CVE-2022-0330 CVE-2022-0359 \n CVE-2022-0361 CVE-2022-0392 CVE-2022-0413 \n CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 \n CVE-2022-0536 CVE-2022-0847 CVE-2022-22822 \n CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 \n CVE-2022-22826 CVE-2022-22827 CVE-2022-22942 \n CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 \n CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 \n CVE-2022-25315 \n=====================================================================\n\n1. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.8 General\nAvailability release images, which provide security and container updates. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.8 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous\nerrata update:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-0920\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-4154\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-23566\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-0144\nhttps://access.redhat.com/security/cve/CVE-2022-0155\nhttps://access.redhat.com/security/cve/CVE-2022-0235\nhttps://access.redhat.com/security/cve/CVE-2022-0261\nhttps://access.redhat.com/security/cve/CVE-2022-0318\nhttps://access.redhat.com/security/cve/CVE-2022-0330\nhttps://access.redhat.com/security/cve/CVE-2022-0359\nhttps://access.redhat.com/security/cve/CVE-2022-0361\nhttps://access.redhat.com/security/cve/CVE-2022-0392\nhttps://access.redhat.com/security/cve/CVE-2022-0413\nhttps://access.redhat.com/security/cve/CVE-2022-0435\nhttps://access.redhat.com/security/cve/CVE-2022-0492\nhttps://access.redhat.com/security/cve/CVE-2022-0516\nhttps://access.redhat.com/security/cve/CVE-2022-0536\nhttps://access.redhat.com/security/cve/CVE-2022-0847\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-22942\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0361"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"db": "VULHUB",
"id": "VHN-413344"
},
{
"db": "VULMON",
"id": "CVE-2022-0361"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-413344",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413344"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0361",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "166433",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166516",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004368",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166976",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166323",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.1263",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0921",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166812",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031527",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060217",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022040631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032843",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072710",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032446",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2451",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166431",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-413344",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0361",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166789",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413344"
},
{
"db": "VULMON",
"id": "CVE-2022-0361"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2451"
},
{
"db": "NVD",
"id": "CVE-2022-0361"
}
]
},
"id": "VAR-202201-0405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413344"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:29:20.916000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=179902"
},
{
"title": "Red Hat: Moderate: vim security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220894 - Security Advisory"
},
{
"title": "Red Hat: CVE-2022-0361",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0361"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-023",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-023"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0361"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2451"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413344"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"db": "NVD",
"id": "CVE-2022-0361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-ex-copy-37711"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031527"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166433/red-hat-security-advisory-2022-1041-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166323/red-hat-security-advisory-2022-0894-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032446"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060217"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040631"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0921"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0847"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0516"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0894"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2022/alas-2022-023.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22817"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1396"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1025"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1083"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413344"
},
{
"db": "VULMON",
"id": "CVE-2022-0361"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2451"
},
{
"db": "NVD",
"id": "CVE-2022-0361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413344"
},
{
"db": "VULMON",
"id": "CVE-2022-0361"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2451"
},
{
"db": "NVD",
"id": "CVE-2022-0361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-413344"
},
{
"date": "2022-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0361"
},
{
"date": "2023-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"date": "2022-04-20T15:12:33",
"db": "PACKETSTORM",
"id": "166789"
},
{
"date": "2022-03-24T14:36:50",
"db": "PACKETSTORM",
"id": "166433"
},
{
"date": "2022-03-29T15:53:19",
"db": "PACKETSTORM",
"id": "166516"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2451"
},
{
"date": "2022-01-26T13:15:07.870000",
"db": "NVD",
"id": "CVE-2022-0361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-413344"
},
{
"date": "2022-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0361"
},
{
"date": "2023-04-10T06:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-004368"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2451"
},
{
"date": "2024-11-21T06:38:27.547000",
"db": "NVD",
"id": "CVE-2022-0361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2451"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004368"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2451"
}
],
"trust": 0.6
}
}
var-202206-1424
Vulnerability from variot
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a security vulnerability in versions prior to vim 8.2.4956. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4956"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1720",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1720",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-422484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1720",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1720",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1720",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1720",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1720",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1720",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2058",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422484",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1720",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a security vulnerability in versions prior to vim 8.2.4956. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-422484",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1720",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-68098",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-422484",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1720",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"id": "VAR-202206-1424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:01:12.289000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=198476"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-grab-file-name-38630"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1720/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015984"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-422484"
},
{
"date": "2022-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"date": "2022-06-20T15:15:10.267000",
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-422484"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"date": "2023-08-23T07:02:00",
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"date": "2023-11-07T03:42:08.393000",
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
}
],
"trust": 0.6
}
}
var-202205-1003
Vulnerability from variot
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5723-1 November 14, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially crafted patterns. (CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size changed. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's spelldump. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm13 vim-athena 2:7.4.1689-3ubuntu1.5+esm13 vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-nox 2:7.4.1689-3ubuntu1.5+esm13 vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5723-1 CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4938"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1674",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1674",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-419787",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1674",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1674",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1674",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1674",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1674",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1674",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3071",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-419787",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1674",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5723-1\nNovember 14, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to crash when searching specially\ncrafted patterns. \n(CVE-2022-1725)\n\nIt was discovered that there existed a buffer over-read in Vim when\nsearching specially crafted patterns. (CVE-2022-2124)\n\nIt was discovered that there existed a heap buffer overflow in Vim when\nauto-indenting lisp. (CVE-2022-2125)\n\nIt was discovered that there existed an out of bounds read in Vim when\nperforming spelling suggestions. (CVE-2022-2126)\n\nIt was discovered that Vim accessed invalid memory when executing specially\ncrafted command line expressions. An attacker could possibly use this to\ncrash Vim, access or modify memory, or execute arbitrary commands. \n(CVE-2022-2175)\n\nIt was discovered that there existed an out-of-bounds read in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. (CVE-2022-2183)\n\n\nIt was discovered that Vim accessed invalid memory when terminal size\nchanged. An attacker could possibly use this to crash Vim, access or modify\nmemory, or execute arbitrary commands. (CVE-2022-2206)\n\nIt was discovered that there existed a stack buffer overflow in Vim\u0027s\nspelldump. (CVE-2022-2304)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\nvim 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-tiny 2:7.4.1689-3ubuntu1.5+esm13\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\nhttps://ubuntu.com/security/notices/USN-5723-1\nCVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1674",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "169832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.5872",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052017",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419787",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1674",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"id": "VAR-202205-1003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:21:59.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "crash\u00a0when\u00a0matching\u00a0buffer\u00a0with\u00a0invalid\u00a0pattern Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"title": "Vim Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193802"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1674"
},
{
"title": "Ubuntu Security Notice: USN-5723-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5723-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/odxvyzc5z4xrrzk7ck6b6iuryvyha25u/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/odxvyzc5z4xrrzk7ck6b6iuryvyha25u/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1674"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1674/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-null-pointer-dereference-via-vim-regexec-string-38405"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5872"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052017"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5723-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-419787"
},
{
"date": "2022-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-11-15T16:38:43",
"db": "PACKETSTORM",
"id": "169832"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"date": "2022-05-12T11:15:07.363000",
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-419787"
},
{
"date": "2022-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"date": "2023-08-16T01:11:00",
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"date": "2024-11-21T06:41:13.813000",
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
}
],
"trust": 0.6
}
}
var-202204-0838
Vulnerability from variot
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0838",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4763"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1381",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1381",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-419494",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1381",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.4,
"id": "CVE-2022-1381",
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1381",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1381",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1381",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1381",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3649",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419494",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1381",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1381",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419494",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1381",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"id": "VAR-202204-0838",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:02:41.039000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\"\u00a0in\u00a0Ex\u00a0mode Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
},
{
"title": "vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=190687"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1381"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6e457nyoirwbjhkb7on44uy5avtg4hu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kvpzve2cie2ngchzdmehpbwn3lk2uqaa/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kvpzve2cie2ngchzdmehpbwn3lk2uqaa/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x6e457nyoirwbjhkb7on44uy5avtg4hu/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1381"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-skip-range-38137"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1381/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052018"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-419494"
},
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"date": "2023-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"date": "2022-04-18T01:15:10.183000",
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-419494"
},
{
"date": "2022-04-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"date": "2023-08-08T06:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"date": "2024-11-21T06:40:36.850000",
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
}
],
"trust": 0.6
}
}
var-202201-0369
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. Vim is an editor based on the UNIX platform. Summary:
The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
-
golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)
-
golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)
-
golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
-
golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717)
-
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:0894-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0894 Issue date: 2022-03-15 CVE Names: CVE-2022-0261 CVE-2022-0318 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0413 ==================================================================== 1. Summary:
An update for vim is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: vim-X11-8.0.1763-16.el8_5.12.aarch64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm
noarch: vim-filesystem-8.0.1763-16.el8_5.12.noarch.rpm
ppc64le: vim-X11-8.0.1763-16.el8_5.12.ppc64le.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm
s390x: vim-X11-8.0.1763-16.el8_5.12.s390x.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-common-8.0.1763-16.el8_5.12.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm
x86_64: vim-X11-8.0.1763-16.el8_5.12.x86_64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: vim-8.0.1763-16.el8_5.12.src.rpm
aarch64: vim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm
ppc64le: vim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm
s390x: vim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm
x86_64: vim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-0261 https://access.redhat.com/security/cve/CVE-2022-0318 https://access.redhat.com/security/cve/CVE-2022-0359 https://access.redhat.com/security/cve/CVE-2022-0361 https://access.redhat.com/security/cve/CVE-2022-0392 https://access.redhat.com/security/cve/CVE-2022-0413 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation
- This update provides security fixes, bug fixes, and updates the container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/
Security updates:
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
-
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
-
imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
Related bugs:
-
RHACM 2.4.3 image files (BZ #2057249)
-
Observability - dashboard name contains
/would cause error when generating dashboard cm (BZ #2032128) -
ACM application placement fails after renaming the application name (BZ
2033051)
-
Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)
-
Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)
-
The value of name label changed from clusterclaim name to cluster name (BZ #2042223)
-
VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ
2048500)
-
clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)
-
Application cluster status is not updated in UI after restoring (BZ
2053279)
-
OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)
-
The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)
-
Subscriptions stop reconciling after channel secrets are recreated (BZ
2059954)
-
Placementrule is not reconciling on a new fresh environment (BZ #2074156)
-
The cluster claimed from clusterpool cannot auto imported (BZ #2074543)
-
Bugs fixed (https://bugzilla.redhat.com/):
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm
2033051 - ACM application placement fails after renaming the application name
2039197 - disable the obs metric collect should not impact the managed cluster upgrade
2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard
2042223 - the value of name label changed from clusterclaim name to cluster name
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053279 - Application cluster status is not updated in UI after restoring
2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+
2057249 - RHACM 2.4.3 images
2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift
2059954 - Subscriptions stop reconciling after channel secrets are recreated
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path
2074156 - Placementrule is not reconciling on a new fresh environment
2074543 - The cluster claimed from clusterpool can not auto imported
- ========================================================================== Ubuntu Security Notice USN-5801-1 January 12, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Vim. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. This issue affected only Ubuntu 20.04 and 22.04 (CVE-2022-0392)
It was discovered that Vim makes illegal memory calls when making certain retab calls. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-0417)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.3 vim-athena 2:8.2.3995-1ubuntu2.3 vim-gtk 2:8.2.3995-1ubuntu2.3 vim-gtk3 2:8.2.3995-1ubuntu2.3 vim-nox 2:8.2.3995-1ubuntu2.3 vim-tiny 2:8.2.3995-1ubuntu2.3 xxd 2:8.2.3995-1ubuntu2.3
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.11 vim-athena 2:8.1.2269-1ubuntu5.11 vim-gtk 2:8.1.2269-1ubuntu5.11 vim-gtk3 2:8.1.2269-1ubuntu5.11 vim-nox 2:8.1.2269-1ubuntu5.11 vim-tiny 2:8.1.2269-1ubuntu5.11 xxd 2:8.1.2269-1ubuntu5.11
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.10 vim-athena 2:8.0.1453-1ubuntu1.10 vim-gnome 2:8.0.1453-1ubuntu1.10 vim-gtk 2:8.0.1453-1ubuntu1.10 vim-gtk3 2:8.0.1453-1ubuntu1.10 vim-nox 2:8.0.1453-1ubuntu1.10 vim-tiny 2:8.0.1453-1ubuntu1.10 xxd 2:8.0.1453-1ubuntu1.10
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0369",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4218"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0392"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
}
],
"trust": 0.4
},
"cve": "CVE-2022-0392",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0392",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-413614",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0392",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0392",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0392",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0392",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2653",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-413614",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0392",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413614"
},
{
"db": "VULMON",
"id": "CVE-2022-0392"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2653"
},
{
"db": "NVD",
"id": "CVE-2022-0392"
},
{
"db": "NVD",
"id": "CVE-2022-0392"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. Vim is an editor based on the UNIX platform. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: Limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* golang: debug/macho: Invalid dynamic symbol table command can cause panic\n(CVE-2021-41771)\n\n* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)\n\n* golang: syscall: Don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040378 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [backend]\n2057516 - [MTC UI] UI should not allow PVC mapping for Full migration\n2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans\n2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository\n2061347 - [MTC] Log reader pod is missing velero and restic pod logs. \n2061653 - [MTC UI] Migration Resources section showing pods from other namespaces\n2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. \n2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)\n2071000 - Storage Conversion: UI doesn\u0027t have the ability to skip PVC\n2072036 - Migration plan for storage conversion cannot be created if there\u0027s no replication repository\n2072186 - Wrong migration type description\n2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration\n2073496 - Errors in rsync pod creation are not printed in the controller logs\n2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: vim security update\nAdvisory ID: RHSA-2022:0894-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0894\nIssue date: 2022-03-15\nCVE Names: CVE-2022-0261 CVE-2022-0318 CVE-2022-0359\n CVE-2022-0361 CVE-2022-0392 CVE-2022-0413\n====================================================================\n1. Summary:\n\nAn update for vim is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nVim (Vi IMproved) is an updated and improved version of the vi editor. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nvim-X11-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-common-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-enhanced-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\n\nnoarch:\nvim-filesystem-8.0.1763-16.el8_5.12.noarch.rpm\n\nppc64le:\nvim-X11-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-common-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-enhanced-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\n\ns390x:\nvim-X11-8.0.1763-16.el8_5.12.s390x.rpm\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-common-8.0.1763-16.el8_5.12.s390x.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm\nvim-enhanced-8.0.1763-16.el8_5.12.s390x.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\n\nx86_64:\nvim-X11-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-common-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-enhanced-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nvim-8.0.1763-16.el8_5.12.src.rpm\n\naarch64:\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-minimal-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\n\nppc64le:\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-minimal-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\n\ns390x:\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-minimal-8.0.1763-16.el8_5.12.s390x.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\n\nx86_64:\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-minimal-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-0261\nhttps://access.redhat.com/security/cve/CVE-2022-0318\nhttps://access.redhat.com/security/cve/CVE-2022-0359\nhttps://access.redhat.com/security/cve/CVE-2022-0361\nhttps://access.redhat.com/security/cve/CVE-2022-0392\nhttps://access.redhat.com/security/cve/CVE-2022-0413\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. This update provides security fixes, bug\nfixes, and updates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. ==========================================================================\nUbuntu Security Notice USN-5801-1\nJanuary 12, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Vim. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. This issue\naffected only Ubuntu 20.04 and 22.04 (CVE-2022-0392)\n\nIt was discovered that Vim makes illegal memory calls when making\ncertain retab calls. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. (CVE-2022-0417)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\nvim 2:8.2.3995-1ubuntu2.3\nvim-athena 2:8.2.3995-1ubuntu2.3\nvim-gtk 2:8.2.3995-1ubuntu2.3\nvim-gtk3 2:8.2.3995-1ubuntu2.3\nvim-nox 2:8.2.3995-1ubuntu2.3\nvim-tiny 2:8.2.3995-1ubuntu2.3\nxxd 2:8.2.3995-1ubuntu2.3\n\nUbuntu 20.04 LTS:\nvim 2:8.1.2269-1ubuntu5.11\nvim-athena 2:8.1.2269-1ubuntu5.11\nvim-gtk 2:8.1.2269-1ubuntu5.11\nvim-gtk3 2:8.1.2269-1ubuntu5.11\nvim-nox 2:8.1.2269-1ubuntu5.11\nvim-tiny 2:8.1.2269-1ubuntu5.11\nxxd 2:8.1.2269-1ubuntu5.11\n\nUbuntu 18.04 LTS:\nvim 2:8.0.1453-1ubuntu1.10\nvim-athena 2:8.0.1453-1ubuntu1.10\nvim-gnome 2:8.0.1453-1ubuntu1.10\nvim-gtk 2:8.0.1453-1ubuntu1.10\nvim-gtk3 2:8.0.1453-1ubuntu1.10\nvim-nox 2:8.0.1453-1ubuntu1.10\nvim-tiny 2:8.0.1453-1ubuntu1.10\nxxd 2:8.0.1453-1ubuntu1.10\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0392"
},
{
"db": "VULHUB",
"id": "VHN-413614"
},
{
"db": "VULMON",
"id": "CVE-2022-0392"
},
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "170515"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-413614",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413614"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0392",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "166976",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166323",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170515",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166516",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166433",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2653",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166812",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032843",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072710",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022040631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031527",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032446",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0230",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1263",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166431",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-18519",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-413614",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0392",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413614"
},
{
"db": "VULMON",
"id": "CVE-2022-0392"
},
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "170515"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2653"
},
{
"db": "NVD",
"id": "CVE-2022-0392"
}
]
},
"id": "VAR-202201-0369",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413614"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:03:09.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=182662"
},
{
"title": "Ubuntu Security Notice: USN-5801-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5801-1"
},
{
"title": "Red Hat: CVE-2022-0392",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0392"
},
{
"title": "Red Hat: Moderate: vim security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220894 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1597",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1597"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-023",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-023"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-0392 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0392"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413614"
},
{
"db": "NVD",
"id": "CVE-2022-0392"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031527"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166433/red-hat-security-advisory-2022-1041-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0230"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166323/red-hat-security-advisory-2022-0894-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032446"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040631"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-bracketed-paste-37803"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170515/ubuntu-security-notice-usn-5801-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5801-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41772"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24731"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1025"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.11"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.10"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413614"
},
{
"db": "VULMON",
"id": "CVE-2022-0392"
},
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "170515"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2653"
},
{
"db": "NVD",
"id": "CVE-2022-0392"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413614"
},
{
"db": "VULMON",
"id": "CVE-2022-0392"
},
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "170515"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2653"
},
{
"db": "NVD",
"id": "CVE-2022-0392"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-413614"
},
{
"date": "2022-01-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0392"
},
{
"date": "2022-05-05T17:35:22",
"db": "PACKETSTORM",
"id": "166976"
},
{
"date": "2022-03-15T15:50:42",
"db": "PACKETSTORM",
"id": "166323"
},
{
"date": "2022-03-24T14:34:35",
"db": "PACKETSTORM",
"id": "166431"
},
{
"date": "2022-04-21T15:12:25",
"db": "PACKETSTORM",
"id": "166812"
},
{
"date": "2023-01-13T15:03:12",
"db": "PACKETSTORM",
"id": "170515"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2653"
},
{
"date": "2022-01-28T22:15:15.527000",
"db": "NVD",
"id": "CVE-2022-0392"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-413614"
},
{
"date": "2022-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0392"
},
{
"date": "2023-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2653"
},
{
"date": "2024-11-21T06:38:31.703000",
"db": "NVD",
"id": "CVE-2022-0392"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2653"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2653"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2653"
}
],
"trust": 0.6
}
}
var-202112-1995
Vulnerability from variot
vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a resource management error vulnerability in Vim, and no detailed vulnerability details are provided at present. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1995",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "vim",
"scope": "lte",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3912"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 0.3
},
"cve": "CVE-2021-4187",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4187",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-409887",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4187",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.3,
"id": "CVE-2021-4187",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-4187",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4187",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4187",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-4187",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2749",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-409887",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-4187",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a resource management error vulnerability in Vim, and no detailed vulnerability details are provided at present. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)\nA flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)\nA flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\nA flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\nA flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)\nA flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process\u0027s internal memory. (CVE-2021-4193)\nReferences to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory\u0027s initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-409887",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4187",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022051702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072103",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3561",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05063",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-409887",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4187",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"id": "VAR-202112-1995",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:05:14.313000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213343",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177153"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1557",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1743",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-4187"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-split-argument-list-37185"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1557.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-409887"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"date": "2023-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2021-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"date": "2021-12-29T17:15:07.630000",
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-409887"
},
{
"date": "2022-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"date": "2023-01-18T03:13:00",
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"date": "2022-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"date": "2024-11-21T06:37:06.110000",
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
}
],
"trust": 0.6
}
}
var-202206-1534
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5723-1 November 14, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1674)
It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size changed. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's spelldump. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm13 vim-athena 2:7.4.1689-3ubuntu1.5+esm13 vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-nox 2:7.4.1689-3ubuntu1.5+esm13 vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5723-1 CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1534",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5122"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-2125",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-2125",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-426194",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2125",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2125",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2125",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-2125",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2125",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1996",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-426194",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-2125",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5723-1\nNovember 14, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to crash when searching specially\ncrafted patterns. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-1674)\n\nIt was discovered that there existed a NULL pointer dereference in Vim. An\nattacker could possibly use this to crash Vim and cause denial of service. \n(CVE-2022-1725)\n\nIt was discovered that there existed a buffer over-read in Vim when\nsearching specially crafted patterns. An attacker could possibly use this\nto crash Vim and cause denial of service. (CVE-2022-2124)\n\nIt was discovered that there existed a heap buffer overflow in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-2125)\n\nIt was discovered that there existed an out of bounds read in Vim when\nperforming spelling suggestions. An attacker could possibly use this to\ncrash Vim and cause denial of service. (CVE-2022-2126)\n\nIt was discovered that Vim accessed invalid memory when executing specially\ncrafted command line expressions. An attacker could possibly use this to\ncrash Vim, access or modify memory, or execute arbitrary commands. \n(CVE-2022-2175)\n\nIt was discovered that there existed an out-of-bounds read in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. (CVE-2022-2183)\n\n\nIt was discovered that Vim accessed invalid memory when terminal size\nchanged. An attacker could possibly use this to crash Vim, access or modify\nmemory, or execute arbitrary commands. (CVE-2022-2206)\n\nIt was discovered that there existed a stack buffer overflow in Vim\u0027s\nspelldump. An attacker could possibly use this to crash Vim and cause\ndenial of service. (CVE-2022-2304)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\nvim 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-tiny 2:7.4.1689-3ubuntu1.5+esm13\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\nhttps://ubuntu.com/security/notices/USN-5723-1\nCVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-426194",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2125",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5872",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426194",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2125",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"id": "VAR-202206-1534",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:26:47.289000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212451"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2125"
},
{
"title": "Ubuntu Security Notice: USN-5723-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5723-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2125"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2125/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-get-lisp-indent-38694"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5872"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5723-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-426194"
},
{
"date": "2022-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-11-15T16:38:43",
"db": "PACKETSTORM",
"id": "169832"
},
{
"date": "2022-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"date": "2022-06-19T12:15:07.897000",
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-426194"
},
{
"date": "2022-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"date": "2023-08-23T07:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"date": "2024-11-21T07:00:21.880000",
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
}
],
"trust": 0.6
}
}
var-202205-1905
Vulnerability from variot
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1905",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5013"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1851",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1851",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423375",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1851",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1851",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1851",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1851",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1851",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-4102",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423375",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1851",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1851",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022063027",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423375",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1851",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"id": "VAR-202205-1905",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:29:12.176000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "after\u00a0text\u00a0formatting\u00a0cursor\u00a0may\u00a0be\u00a0in\u00a0an\u00a0invalid\u00a0position Apple Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=194710"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1851"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-1851 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-src-textformat-c-38492"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022063027"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1851/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-423375"
},
{
"date": "2022-05-25T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"date": "2022-05-25T13:15:07.770000",
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-423375"
},
{
"date": "2023-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"date": "2023-08-21T06:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"date": "2024-11-21T06:41:36.563000",
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
}
],
"trust": 0.6
}
}
var-202112-2249
Vulnerability from variot
vim is vulnerable to Out-of-bounds Read. vim Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Vim is an editor based on the UNIX platform. Attackers can use this vulnerability to read files out of bounds. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. The highest threat from this vulnerability is system availability. (CVE-2021-4136) A flaw was found in vim. (CVE-2021-4166) A flaw was found in vim. (CVE-2021-4173) A flaw was found in vim. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2249",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3884"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "factory",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": null
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "15.0"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "factory",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "linux enterprise",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 0.3
},
"cve": "CVE-2021-4166",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4166",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-408722",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4166",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4166",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4166",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4166",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-4166",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2266",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408722",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-4166",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Out-of-bounds Read. vim Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Vim is an editor based on the UNIX platform. Attackers can use this vulnerability to read files out of bounds. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)\nA flaw was found in vim. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)\nA flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\nA flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\nA flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\nA flaw was found in vim. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)\nA flaw was found in vim. The highest threat from this vulnerability is system availability. (CVE-2021-4136)\nA flaw was found in vim. (CVE-2021-4166)\nA flaw was found in vim. (CVE-2021-4173)\nA flaw was found in vim. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process\u0027s internal memory. (CVE-2021-4193)\nReferences to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory\u0027s initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-408722",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4166",
"trust": 3.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3561",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2412",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072103",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05062",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408722",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4166",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"id": "VAR-202112-2249",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:28:49.566000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213343 Red hat Red\u00a0Hat",
"trust": 0.8,
"url": "https://www.debian.org/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=176547"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1557",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1743",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-4166"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-do-arg-all-37183"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1557.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-25T00:00:00",
"db": "VULHUB",
"id": "VHN-408722"
},
{
"date": "2021-12-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"date": "2022-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2021-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"date": "2021-12-25T19:15:07.280000",
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-408722"
},
{
"date": "2022-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"date": "2022-12-26T02:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"date": "2024-11-21T06:37:03.080000",
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
}
],
"trust": 0.6
}
}
var-202206-1426
Vulnerability from variot
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5723-1 November 14, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1674)
It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size changed. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's spelldump. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm13 vim-athena 2:7.4.1689-3ubuntu1.5+esm13 vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-nox 2:7.4.1689-3ubuntu1.5+esm13 vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5723-1 CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1426",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5123"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-2126",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-2126",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-426195",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2126",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2126",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2126",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-2126",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2126",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1994",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-426195",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-2126",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5723-1\nNovember 14, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to crash when searching specially\ncrafted patterns. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-1674)\n\nIt was discovered that there existed a NULL pointer dereference in Vim. An\nattacker could possibly use this to crash Vim and cause denial of service. \n(CVE-2022-1725)\n\nIt was discovered that there existed a buffer over-read in Vim when\nsearching specially crafted patterns. An attacker could possibly use this\nto crash Vim and cause denial of service. (CVE-2022-2124)\n\nIt was discovered that there existed a heap buffer overflow in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-2125)\n\nIt was discovered that there existed an out of bounds read in Vim when\nperforming spelling suggestions. An attacker could possibly use this to\ncrash Vim and cause denial of service. (CVE-2022-2126)\n\nIt was discovered that Vim accessed invalid memory when executing specially\ncrafted command line expressions. An attacker could possibly use this to\ncrash Vim, access or modify memory, or execute arbitrary commands. \n(CVE-2022-2175)\n\nIt was discovered that there existed an out-of-bounds read in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. (CVE-2022-2183)\n\n\nIt was discovered that Vim accessed invalid memory when terminal size\nchanged. An attacker could possibly use this to crash Vim, access or modify\nmemory, or execute arbitrary commands. (CVE-2022-2206)\n\nIt was discovered that there existed a stack buffer overflow in Vim\u0027s\nspelldump. An attacker could possibly use this to crash Vim and cause\ndenial of service. (CVE-2022-2304)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\nvim 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-tiny 2:7.4.1689-3ubuntu1.5+esm13\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\nhttps://ubuntu.com/security/notices/USN-5723-1\nCVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-426195",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2126",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5872",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426195",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2126",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"id": "VAR-202206-1426",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:39:57.299000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=197751"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2126"
},
{
"title": "Ubuntu Security Notice: USN-5723-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5723-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2126"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2126/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5872"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-suggest-trie-walk-38629"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5723-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-426195"
},
{
"date": "2022-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-11-15T16:38:43",
"db": "PACKETSTORM",
"id": "169832"
},
{
"date": "2022-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"date": "2022-06-19T13:15:07.887000",
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-426195"
},
{
"date": "2022-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"date": "2023-08-23T07:41:00",
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"date": "2024-11-21T07:00:22.050000",
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
}
],
"trust": 0.6
}
}
var-202205-2059
Vulnerability from variot
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Solution:
The OpenShift Service Mesh Release Notes provide information on the features and known issues:
https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html
- JIRA issues fixed (https://issues.jboss.org/):
OSSM-1105 - IOR doesn't support a host with namespace/ prefix OSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start OSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing OSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace OSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes OSSM-1800 - IOR should copy labels from Gateway to Route OSSM-1805 - Reconcile SMCP when Kiali is not available OSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER OSSM-1868 - Container release for Maistra 2.2.2
-
Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Summary:
OpenShift sandboxed containers 1.3.1 is now available. Description:
OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
KATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1] KATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1] KATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator KATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Vim (Vi IMproved) is an updated and improved version of the vi editor. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bugs fixed (https://bugzilla.redhat.com/):
2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
- Summary:
This is an updated release of the Self Node Remediation Operator. The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload Availability. Description:
The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Security Fix(es):
- github.com/Masterminds/vcs: Command Injection via argument injection (CVE-2022-21235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. Bugs fixed (https://bugzilla.redhat.com/):
2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection
- JIRA issues fixed (https://issues.redhat.com/):
OCPBUGS-15446 - (release-4.11) gather "gateway-mode-config" config map from "openshift-network-operator" namespace OCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup') OCPBUGS-15645 - Can't use git lfs in BuildConfig git source with strategy Docker OCPBUGS-15739 - Environment cannot find Python OCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions OCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host OCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.13.0 security update Advisory ID: RHSA-2023:1326-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:1326 Issue date: 2023-05-17 CVE Names: CVE-2021-4235 CVE-2021-4238 CVE-2021-20329 CVE-2021-38561 CVE-2021-43519 CVE-2021-44964 CVE-2022-1271 CVE-2022-1586 CVE-2022-1587 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2509 CVE-2022-2990 CVE-2022-3080 CVE-2022-3259 CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2022-21698 CVE-2022-23525 CVE-2022-23526 CVE-2022-26280 CVE-2022-27191 CVE-2022-29154 CVE-2022-29824 CVE-2022-34903 CVE-2022-38023 CVE-2022-38177 CVE-2022-38178 CVE-2022-40674 CVE-2022-41316 CVE-2022-41717 CVE-2022-41721 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 CVE-2022-46146 CVE-2022-47629 CVE-2023-0056 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0229 CVE-2023-0286 CVE-2023-0361 CVE-2023-0401 CVE-2023-0620 CVE-2023-0665 CVE-2023-0778 CVE-2023-25000 CVE-2023-25165 CVE-2023-25173 CVE-2023-25577 CVE-2023-25725 CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 CVE-2023-30570 CVE-2023-30841 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2023:1325
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
Security Fix(es):
-
goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)
-
go-yaml: Denial of Service in go-yaml (CVE-2021-4235)
-
mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
helm: Denial of service through through repository index file (CVE-2022-23525)
-
helm: Denial of service through schema file (CVE-2022-23526)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
vault: insufficient certificate revocation list checking (CVE-2022-41316)
-
golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
-
x/net/http2/h2c: request smuggling (CVE-2022-41721)
-
net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
-
golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
-
golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
-
exporter-toolkit: authentication bypass via cache poisoning (CVE-2022-46146)
-
vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620)
-
hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665)
-
hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000)
-
helm: getHostByName Function Information Disclosure (CVE-2023-25165)
-
containerd: Supplementary groups are not set up properly (CVE-2023-25173)
-
runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)
-
runc: AppArmor can be bypassed when
/procinside the container is symlinked with a specific mount configuration (CVE-2023-28642) -
baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access (CVE-2023-30841)
-
runc: Rootless runc makes
/sys/fs/cgroupwritable (CVE-2023-25809)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags
The sha values for the release are:
(For x86_64 architecture) The image digest is sha256:74b23ed4bbb593195a721373ed6693687a9b444c97065ce8ac653ba464375711
(For s390x architecture) The image digest is sha256:a32d509d960eb3e889a22c4673729f95170489789c85308794287e6e9248fb79
(For ppc64le architecture) The image digest is sha256:bca0e4a4ed28b799e860e302c4f6bb7e11598f7c136c56938db0bf9593fb76f8
(For aarch64 architecture) The image digest is sha256:e07e4075c07fca21a1aed9d7f9c165696b1d0fa4940a219a000894e5683d846c
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1770297 - console odo download link needs to go to an official location or have caveats [openshift-4.4]
1853264 - Metrics produce high unbound cardinality
1877261 - [RFE] Mounted volume size issue when restore a larger size pvc than snapshot
1904573 - OpenShift: containers modify /etc/passwd group writable
1943194 - when using gpus, more nodes than needed are created by the node autoscaler
1948666 - After entering valid git repo url on Import from git page, throwing warning message instead Validated
1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated
2005232 - Pods list page should only show Create Pod button to user has sufficient permission
2016006 - Repositories list does not show the running pipelinerun as last pipelinerun
2027000 - The user is ignored when we create a new file using a MachineConfig
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047299 - nodeport not reachable port connection timeout
2050230 - Implement LIST call chunking in openshift-sdn
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2065166 - GCP - Less privileged service accounts are created with Service Account User role
2066388 - Wrong Error generates when https is missing in the value of regionEndpoint in configs.imageregistry.operator.openshift.io/cluster
2066664 - [cluster-storage-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles
2070744 - openshift-install destroy in us-gov-west-1 results in infinite loop - AWS govcloud
2075548 - Support AllocateLoadBalancerNodePorts=False with ETP=local, LGW mode
2076619 - Could not create deployment with an unknown git repo and builder image build strategy
2078222 - egressIPs behave inconsistently towards in-cluster traffic (hosts and services backed by host-networked pods)
2079981 - PVs not deleting on azure (or very slow to delete) since CSI migration to azuredisk
2081858 - OVN-Kubernetes: SyncServices for nodePortWatcherIptables should propagate failures back to caller
2083087 - "Delete dependent objects of this resource" might cause confusions
2084452 - PodDisruptionBudgets help message should be semantic
2087043 - Cluster API components should use K8s 1.24 dependencies
2087553 - No rhcos-4.11/x86_64 images in the 2 new regions on alibabacloud, "ap-northeast-2 (South Korea (Seoul))" and "ap-southeast-7 (Thailand (Bangkok))"
2089093 - CVO hotloops on OperatorGroup due to the diff of "upgradeStrategy": string("Default")
2089138 - CVO hotloops on ValidatingWebhookConfiguration /performance-addon-operator
2090680 - upgrade for a disconnected cluster get hang on retrieving and verifying payload
2092567 - Network policy is not being applied as expected
2092811 - Datastore name is too long
2093339 - [rebase v1.24] Only known images used by tests
2095719 - serviceaccounts are not updated after upgrade from 4.10 to 4.11
2100181 - WebScale: configure-ovs.sh fails because it picks the wrong default interface
2100429 - [apiserver-auth] default SCC restricted allow volumes don't have "ephemeral" caused deployment with Generic Ephemeral Volumes stuck at Pending
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2104978 - MCD degrades are not overwrite-able by subsequent errors
2110565 - PDB: Remove add/edit/remove actions in Pod resource action menu
2110570 - Topology sidebar: Edit pod count shows not the latest replicas value when edit the count again
2110982 - On GCP, need to check load balancer health check IPs required for restricted installation
2113973 - operator scc is nor fixed when we define a custom scc with readOnlyRootFilesystem: true
2114515 - Getting critical NodeFilesystemAlmostOutOfSpace alert for 4K tmpfs
2115265 - Search page: LazyActionMenus are shown below Add/Remove from navigation button
2116686 - [capi] Cluster kind should be valid
2117374 - Improve Pod Admission failure for restricted-v2 denials that pass with restricted
2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking
2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning
2154196 - CVE-2022-23526 helm: Denial of service through schema file
2154202 - CVE-2022-23525 helm: Denial of service through through repository index file
2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling
2168458 - CVE-2023-25165 helm: getHostByName Function Information Disclosure
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
2175721 - CVE-2023-27561 runc: volume mount race condition (regression of CVE-2019-19921)
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
2182883 - CVE-2023-28642 runc: AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration
2182884 - CVE-2023-25809 runc: Rootless runc makes /sys/fs/cgroup writable
2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations
2182981 - CVE-2023-0665 hashicorp/vault: Vault?s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
2184663 - CVE-2023-0620 vault: Vault?s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
2190116 - CVE-2023-30841 baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access
- JIRA issues fixed (https://issues.jboss.org/):
OCPBUGS-10036 - Enable aesgcm encryption provider by default in openshift/api
OCPBUGS-10038 - Enable aesgcm encryption provider by default in openshift/cluster-config-operator
OCPBUGS-10042 - Enable aesgcm encryption provider by default in openshift/cluster-kube-apiserver-operator
OCPBUGS-10043 - Enable aesgcm encryption provider by default in openshift/cluster-openshift-apiserver-operator
OCPBUGS-10044 - Enable aesgcm encryption provider by default in openshift/cluster-authentication-operator
OCPBUGS-10047 - oc-mirror print log: unable to parse reference oci://mno/redhat-operator-index:v4.12
OCPBUGS-10057 - With WPC card configured as GM or BC, phc2sys clock lock state is shown as FREERUN in ptp metrics while it should be LOCKED
OCPBUGS-10213 - aws: mismatch between RHCOS and AWS SDK regions
OCPBUGS-10220 - Newly provisioned machines unable to join cluster
OCPBUGS-10221 - Risk cache warming takes too long on channel changes
OCPBUGS-10237 - Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry
OCPBUGS-10239 - [release-4.13] Fix of ServiceAccounts gathering
OCPBUGS-10249 - PollConsoleUpdates won't fire toast if one or more manifests errors when plugins change
OCPBUGS-10267 - NetworkManager TUI quits regardless of a detected unsupported configuration
OCPBUGS-10271 - [4.13] Netflink overflow alert
OCPBUGS-10278 - Graph-data is not mounted on graph-builder correctly while install using graph-data image built by oc-mirror
OCPBUGS-10281 - Openshift Ansible OVS version out of sync with RHCOS
OCPBUGS-10291 - Broken link for Ansible tagging
OCPBUGS-10298 - TenantID is ignored in some cases
OCPBUGS-10320 - Catalogs should not be included in the ImageContentSourcePolicy.yaml
OCPBUGS-10321 - command cannot be worked after chroot /host for oc debug pod
OCPBUGS-1033 - Multiple extra manifests in the same file are not applied correctly
OCPBUGS-10334 - Nutanix cloud-controller-manager pod not have permission to get/list ConfigMap
OCPBUGS-10353 - kube-apiserver not receiving or processing shutdown signal after coreos 9.2 bump
OCPBUGS-10367 - Pausing pools in OCP 4.13 will cause critical alerts to fire
OCPBUGS-10377 - [gcp] IPI installation with Shielded VMs enabled failed on restarting the master machines
OCPBUGS-10404 - Workload annotation missing from deployments
OCPBUGS-10421 - RHCOS 4.13 live iso x84_64 contains restrictive policy.json
OCPBUGS-10426 - node-topology is not exported due to kubelet.sock: connect: permission denied
OCPBUGS-10427 - 4.1 born cluster fails to scale-up due to podman run missing --authfile flag
OCPBUGS-10432 - CSI Inline Volume admission plugin does not log object name correctly
OCPBUGS-10440 - OVN IPSec - does not create IPSec tunnels
OCPBUGS-10474 - OpenShift pipeline TaskRun(s) column Duration is not present as column in UI
OCPBUGS-10476 - Disable netlink mode of netclass collector in Node Exporter.
OCPBUGS-1048 - if tag categories don't exist, the installation will fail to bootstrap
OCPBUGS-10483 - [4.13 arm64 image][AWS EFS] Driver fails to get installed/exec format error
OCPBUGS-10558 - MAPO failing to retrieve flavour information after rotating credentials
OCPBUGS-10585 - [4.13] Request to update RHCOS installer bootimage metadata
OCPBUGS-10586 - Console shows x509 error when requesting token from oauth endpoint
OCPBUGS-10597 - The agent-tui shows again during the installation
OCPBUGS-1061 - administrator console, monitoring-alertmanager-edit user list or create silence, "Observe - Alerting - Silences" page is pending
OCPBUGS-10645 - 4.13: Operands running management side missing affinity, tolerations, node selector and priority rules than the operator
OCPBUGS-10656 - create image command erroneously logs that Base ISO was obtained from release
OCPBUGS-10657 - When releaseImage is a digest the create image command generates spurious warning
OCPBUGS-10658 - Wrong PrimarySubnet in OpenstackProviderSpec when using Failure Domains
OCPBUGS-10661 - machine API operator failing with No Major.Minor.Patch elements found
OCPBUGS-10678 - Developer catalog shows ImageStreams as samples which has no sampleRepo
OCPBUGS-10679 - Show type of sample on the samples view
OCPBUGS-10689 - [IPI on BareMetal]: Workers failing inspection when installing with proxy
OCPBUGS-10697 - [release-4.13] User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector
OCPBUGS-10698 - [release-4.13] Already assigned IP address is removed from a service on editing the ip address pool.
OCPBUGS-10710 - Metal virtual media job permafails during early bootstrap
OCPBUGS-10716 - Image Registry default to Removed on IBM cloud after 4.13.0-ec.3
OCPBUGS-10739 - [4.13] Bootimage bump tracker
OCPBUGS-10744 - [4.13] EgressFirewall status disappeared
OCPBUGS-10746 - Downstream Operator-SDK v1.22.2 to OCP 4.13
OCPBUGS-10771 - upgrade test failure with "Cluster operator control-plane-machine-set is not available"
OCPBUGS-10773 - TestNewAppRun unit test failing
OCPBUGS-10792 - Hypershift namespace servicemonitor has wrong API group
OCPBUGS-10793 - Ignore device list missing in Node Exporter
OCPBUGS-10796 - [4.13] Egress firewall is not retried on error
OCPBUGS-10799 - Network policy perf improvements
OCPBUGS-10801 - [4.13] Upgrade to 4.10 stalled on timeout completing syncEgressFirewall
OCPBUGS-10811 - Missing vCenter build number in telemetry
OCPBUGS-10813 - SCOS bootstrap should skip pivot when root is not writable
OCPBUGS-10826 - RHEL 9.2 doesn't contain the kernel-abi-whitelists package.
OCPBUGS-10832 - Edit Deployment (and DC) form doesn't enable Save button when changing strategy type
OCPBUGS-10833 - update the default pipelineRun template name
OCPBUGS-10834 - [OVNK] [IC] Having only one leader election in the master process
OCPBUGS-10873 - OVN to OVN-H migration seems broken
OCPBUGS-10888 - oauth-server fails to invalidate cache, causing non existing groups being referenced
OCPBUGS-10890 - Hypershift replace upgrade: node in NotReady after upgrading from a 4.14 image to another 4.14 image
OCPBUGS-10891 - Cluster Autoscaler balancing similar nodes test fails randomly
OCPBUGS-10892 - Passwords printed in log messages
OCPBUGS-10893 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag
OCPBUGS-10902 - [IBMCloud] destroyed the private cluster, fail to cleanup the dns records
OCPBUGS-10903 - [IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc.
OCPBUGS-10907 - move to rhel9 in DTK for 4.13
OCPBUGS-10914 - Node healthz server: return unhealthy when pod is to be deleted
OCPBUGS-10919 - Update Samples Operator to use latest jenkins 4.12 release
OCPBUGS-10923 - Cluster bootstrap waits for only one master to join before finishing
OCPBUGS-10929 - Kube 1.26 for ovn-k
OCPBUGS-10946 - For IPv6-primary dual-stack cluster, kubelet.service renders only single node-ip
OCPBUGS-10951 - When imagesetconfigure without OCI FBC format config, but command with use-oci-feature flag, the oc-mirror command should check the imagesetconfigure firstly and print error immediately
OCPBUGS-10953 - ovnkube-node does not close up correctly
OCPBUGS-10955 - [release-4.13] NMstate complains about ping not working when adding multiple routing tables with different gateways
OCPBUGS-10960 - [4.13] Vertical Scaling: do not trigger inadvertent machine deletion during bootstrap
OCPBUGS-10965 - The network-tools image stream is missing in the cluster samples
OCPBUGS-10982 - [4.13] nodeSelector in EgressFirewall doesn't work in dualstack cluster
OCPBUGS-10989 - Agent create sub-command is returning fatal error
OCPBUGS-10990 - EgressIP doesn't work in GCP XPN cluster
OCPBUGS-11004 - Bootstrap kubelet client cert should include system:serviceaccounts group
OCPBUGS-11010 - [vsphere] zone cluster installation fails if vSphere Cluster is embedded in Folder
OCPBUGS-11022 - [4.13][scale] all egressfirewalls will be updated on every node update
OCPBUGS-11023 - [4.13][scale] Ingress network policy creates more flows than before
OCPBUGS-11031 - SNO OCP upgrade from 4.12 to 4.13 failed due to node-tuning operator is not available - tuned pod stuck at Terminating
OCPBUGS-11032 - Update the validation interval for the cluster transfer to 12 hours
OCPBUGS-11040 - --container-runtime is being removed in k8s 1.27
OCPBUGS-11054 - GCP: add europe-west12 region to the survey as supported region
OCPBUGS-11055 - APIServer service isn't selected correctly for PublicAndPrivate cluster when external-dns is not configured
OCPBUGS-11058 - [4.13] Conmon leaks symbolic links in /var/run/crio when pods are deleted
OCPBUGS-11068 - nodeip-configuration not enabled for VSphere UPI
OCPBUGS-11107 - Alerts display incorrect source when adding external alert sources
OCPBUGS-11117 - The provided gcc RPM inside DTK does not match the gcc used to build the kernel
OCPBUGS-11120 - DTK docs should mention the ubi9 base image instead of ubi8
OCPBUGS-11213 - BMH moves to deleting before all finalizers are processed
OCPBUGS-11218 - "pipelines-as-code-pipelinerun-go" configMap is not been used for the Go repository
OCPBUGS-11222 - kube-controller-manager cluster operator is degraded due connection refused while querying rules
OCPBUGS-11227 - Relax CSR check due to k8s 1.27 changes
OCPBUGS-11232 - All projects options shows as undefined after selection in Dev perspective Pipelines page
OCPBUGS-11248 - Secret name variable get renders in Create Image pull secret alert
OCPBUGS-1125 - Fix disaster recovery test [sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial]
OCPBUGS-11257 - egressip cannot be assigned on hypershift hosted cluster node
OCPBUGS-11261 - [AWS][4.13] installer get stuck if BYO private hosted zone is configured
OCPBUGS-11263 - PTP KPI version 4.13 RC2 WPC - offset jumps to huge numbers
OCPBUGS-11307 - Egress firewall node selector test missing
OCPBUGS-11333 - startupProbe for UWM prometheus is still 15m
OCPBUGS-11339 - ose-ansible-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13
OCPBUGS-11340 - ose-helm-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13
OCPBUGS-11341 - openshift-manila-csi-driver is missing the workload.openshift.io/allowed label
OCPBUGS-11354 - CPMS: node readiness transitions not always trigger reconcile
OCPBUGS-11384 - Switching from enabling realTime to disabling Realtime Workloadhint causes stalld to be enabled
OCPBUGS-11390 - Service Binding Operator installation fails: "A subscription for this operator already exists in namespace ..."
OCPBUGS-11424 - [release-4.13] new whereabouts reconciler relies on HOSTNAME which != spec.nodeName
OCPBUGS-11427 - [release-4.13] whereabouts reads wrong annotation "k8s.v1.cni.cncf.io/networks-status", should be "k8s.v1.cni.cncf.io/network-status"
OCPBUGS-11456 - PTP - When GM and downstream slaves are configured on same server, ptp metrics show slaves as FREERUN
OCPBUGS-11458 - Ingress Takes 40s on Average Downtime During GCP OVN Upgrades
OCPBUGS-11460 - CPMS doesn't always generate configurations for AWS
OCPBUGS-11468 - Community operator cannot be mirrored due to malformed image address
OCPBUGS-11469 - [release4.13] "exclude bundles with olm.deprecated property when rendering" not backport
OCPBUGS-11473 - NS autolabeler requires RoleBinding subject namespace to be set when using ServiceAccount
OCPBUGS-11485 - [4.13] NVMe disk by-id rename breaks LSO/ODF
OCPBUGS-11503 - Update 4.13 cluster-network-operator image in Dockerfile to be consistent with ART
OCPBUGS-11506 - CPMS e2e periodics tests timeout failures
OCPBUGS-11507 - Potential 4.12 to 4.13 upgrade failure due to NIC rename
OCPBUGS-11510 - Setting cpu-quota.crio.io to disable with crun causes container creation to fail
OCPBUGS-11511 - [4.13] static container pod cannot be running due to CNI request failed with status 400
OCPBUGS-11529 - [Azure] fail to collect the vm serial log with ?gather bootstrap?
OCPBUGS-11536 - Cluster monitoring operator runs node-exporter with btrfs collector
OCPBUGS-11545 - multus-admission-controller should not run as root under Hypershift-managed CNO
OCPBUGS-11558 - multus-admission-controller should not run as root under Hypershift-managed CNO
OCPBUGS-11589 - Ensure systemd is compatible with rhel8 journalctl
OCPBUGS-11598 - openshift-azure-routes triggered continously on rhel9
OCPBUGS-11606 - User configured In-cluster proxy configuration squashed in hypershift
OCPBUGS-11643 - Updating kube-rbac-proxy images to be consistent with ART
OCPBUGS-11657 - [4.13] Static IPv6 LACP bonding is randomly failing in RHCOS 413.92
OCPBUGS-11659 - Error extracting libnmstate.so.1.3.3 when create image
OCPBUGS-11661 - AWS s3 policy changes block all OCP installs on AWS
OCPBUGS-11669 - Bump to kubernetes 1.26.3
OCPBUGS-11683 - [4.13] Add Controller health to CEO liveness probe
OCPBUGS-11694 - [4.13] Update legacy toolbox to use registry.redhat.io/rhel9/support-tools
OCPBUGS-11706 - ccoctl cannot create STS documents in 4.10-4.13 due to s3 policy changes
OCPBUGS-11750 - TuningCNI cnf-test failure: sysctl allowlist update
OCPBUGS-11765 - [4.13] Keep current OpenSSH default config in RHCOS 9
OCPBUGS-11776 - [4.13] VSphereStorageDriver does not document the platform default
OCPBUGS-11778 - Upgrade SNO: no resolv.conf caused by failure in forcedns dispatcher script
OCPBUGS-11787 - Update 4.14 ose-vmware-vsphere-csi-driver image to be consistent with ART
OCPBUGS-11789 - [4.13] Bootimage bump tracker
OCPBUGS-11799 - [4.13] Bootimage bump tracker
OCPBUGS-11823 - [Reliability]kube-apiserver's memory usage keep increasing to max 3GB in 7 days
OCPBUGS-11848 - PtpOperatorsConfig not applying correctly
OCPBUGS-11866 - Pipeline is not removed when Deployment/DC/Knative Service or Application is deleted
OCPBUGS-11870 - [4.13] Nodes in Ironic are created without namespaces initially
OCPBUGS-11876 - oc-mirror generated file-based catalogs crashloop
OCPBUGS-11908 - Got the file exists error when different digest direct to the same tag
OCPBUGS-11917 - the warn message won't disappear in co/node-tuning when scale down machineset
OCPBUGS-11919 - Console metrics could have a high cardinality (4.13)
OCPBUGS-11950 - fail to create vSphere IPI cluster as apiVIP and ingressVIP are not in machine networks
OCPBUGS-11955 - NTP config not applied
OCPBUGS-11968 - Instance shouldn't be moved back from f to a
OCPBUGS-11985 - [4.13] Ironic inspector service should be proxied
OCPBUGS-12172 - Users don't know what type of resource is being created by Import from Git or Deploy Image flows
OCPBUGS-12179 - agent-tui is failing to start when using libnmstate.2
OCPBUGS-12186 - Pipeline doesn't render correctly when displayed but looks fine in edit mode
OCPBUGS-12198 - create hosted cluster failed with aws s3 access issue
OCPBUGS-12212 - cluster failed to convert from dualstack to ipv4 single stack
OCPBUGS-12225 - Add new OCP 4.13 storage admission plugin
OCPBUGS-12257 - Catalogs rebuilt by oc-mirror are in crashloop : cache is invalid
OCPBUGS-12259 - oc-mirror fails to complete with heads only complaining about devworkspace-operator
OCPBUGS-12271 - Hypershift conformance test fails new cpu partitioning tests
OCPBUGS-12272 - Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected
OCPBUGS-12273 - When Creating Sample Devfile from the Samples Page, Topology Icon is not set
OCPBUGS-12450 - [4.13] Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time
OCPBUGS-12465 - --use-oci-feature leads to confusion and needs to be better named
OCPBUGS-12478 - CSI driver + operator containers are not pinned to mgmt cores
OCPBUGS-1264 - e2e-vsphere-zones failing due to unable to parse cloud-config
OCPBUGS-12698 - redfish-virtualmedia mount not working
OCPBUGS-12703 - redfish-virtualmedia mount not working
OCPBUGS-12708 - [4.13] Changing a PreprovisioningImage ImageURL and/or ExtraKernelParams should reboot the host
OCPBUGS-1272 - "opm alpha render-veneer basic" doesn't support pipe stdin
OCPBUGS-12737 - Multus admission controller must have "hypershift.openshift.io/release-image" annotation when CNO is managed by Hypershift
OCPBUGS-12786 - OLM CatalogSources in guest cluster cannot pull images if pre-GA
OCPBUGS-12804 - Dual stack VIPs incompatible with EnableUnicast setting
OCPBUGS-12854 - cluster-reader role cannot access "k8s.ovn.org" API Group resources
OCPBUGS-12862 - IPv6 ingress VIP not configured in keepalived on vSphere Dual-stack
OCPBUGS-12865 - Kubernetes-NMState CI is perma-failing
OCPBUGS-12933 - Node Tuning Operator crashloops when in Hypershift mode
OCPBUGS-12994 - TCP DNS Local Preference is not working for Openshift SDN
OCPBUGS-12999 - Backport owners through 4.13, 4.12
OCPBUGS-13029 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
OCPBUGS-13057 - ppc64le releases don't install because ovs fails to start (invalid permissions)
OCPBUGS-13069 - [whereabouts-cni] CNO must use reconciliation controller in order to support dual stack in 4.12 [4.13 dependency]
OCPBUGS-13071 - CI fails on TestClientTLS
OCPBUGS-13072 - Capture tests don't work in OVNK
OCPBUGS-13076 - Load balancers/ Ingress controller removal race condition
OCPBUGS-13157 - CI fails on TestRouterCompressionOperation
OCPBUGS-13254 - Nutanix cloud provider should use Kubernetes 1.26 dependencies
OCPBUGS-1327 - [IBMCloud] Worker machines unreachable during initial bring up
OCPBUGS-1352 - OVN silently failing in case of a stuck pod
OCPBUGS-1427 - Ignore non-ready endpoints when processing endpointslices
OCPBUGS-1428 - service account token secret reference
OCPBUGS-1435 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns
OCPBUGS-1443 - Unable to get ClusterVersion error while upgrading 4.11 to 4.12
OCPBUGS-1453 - TargetDown alert expression is NOT correctly joining kube-state-metrics metric
OCPBUGS-1458 - cvo pod crashloop during bootstrap: featuregates: connection refused
OCPBUGS-1486 - Avoid re-metric'ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election
OCPBUGS-1557 - Default to floating automaticRestart for new GCP instances
OCPBUGS-1560 - [vsphere] installation fails when only configure single zone in install-config
OCPBUGS-1565 - Possible split brain with keepalived unicast
OCPBUGS-1566 - Automation Offline CPUs Test cases
OCPBUGS-1577 - Incorrect network configuration in worker node with two interfaces
OCPBUGS-1604 - Common resources out-of-date when using multicluster switcher
OCPBUGS-1606 - Multi-cluster: We should not filter OLM catalog by console pod architecture and OS on managed clusters
OCPBUGS-1612 - [vsphere] installation errors out when missing topology in a failure domain
OCPBUGS-1617 - Remove unused node.kubernetes.io/not-reachable toleration
OCPBUGS-1627 - [vsphere] installation fails when setting user-defined folder in failure domain
OCPBUGS-1646 - [osp][octavia lb] LBs type svcs not updated until all the LBs are created
OCPBUGS-166 - 4.11 SNOs fail to complete install because of "failed to get pod annotation: timed out waiting for annotations: context deadline exceeded"
OCPBUGS-1665 - Scorecard failed because of the request of PodSecurity
OCPBUGS-1671 - Creating a statefulset with the example image from the UI on ARM64 leads to a Pod in crashloopbackoff due to the only-amd64 image provided
OCPBUGS-1704 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed
OCPBUGS-1725 - Affinity rule created in router deployment for single-replica infrastructure and "NodePortService" endpoint publishing strategy
OCPBUGS-1741 - Can't load additional Alertmanager templates with latest 4.12 OpenShift
OCPBUGS-1748 - PipelineRun templates must be fetched from OpenShift namespace
OCPBUGS-1761 - osImages that cannot be pulled do not set the node as Degraded properly
OCPBUGS-1769 - gracefully fail when iam:GetRole is denied
OCPBUGS-1778 - Can't install clusters with schedulable masters
OCPBUGS-1791 - Wait-for install-complete did not exit upon completion.
OCPBUGS-1805 - [vsphere-csi-driver-operator] CSI cloud.conf doesn't list multiple datacenters when specified
OCPBUGS-1807 - Ingress Operator startup bad log message formatting
OCPBUGS-1844 - Ironic dnsmasq doesn't include existing DNS settings during iPXE boot
OCPBUGS-1852 - [RHOCP 4.10] Subscription tab for operator doesn't land on correct URL
OCPBUGS-186 - PipelineRun task status overlaps status text
OCPBUGS-1998 - Cluster monitoring fails to achieve new level during upgrade w/ unavailable node
OCPBUGS-2015 - TestCertRotationTimeUpgradeable failing consistently in kube-apiserver-operator
OCPBUGS-2083 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it
OCPBUGS-2088 - User can set rendezvous host to be a worker
OCPBUGS-2141 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8
OCPBUGS-2145 - 'maxUnavailable' and 'minAvailable' on PDB creation page - i18n misses
OCPBUGS-2209 - Hard eviction thresholds is different with k8s default when PAO is enabled
OCPBUGS-2248 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error "alicloud: unable to split instanceid and region from providerID"
OCPBUGS-2260 - KubePodNotReady - Increase Tolerance During Master Node Restarts
OCPBUGS-2306 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - ', it can't be changed by typing in it.
OCPBUGS-2319 - metal-ipi upgrade success rate dropped 30+% in last week
OCPBUGS-2384 - [2035720] [IPI on Alibabacloud] deploying a private cluster by 'publish: Internal' failed due to 'dns_public_record'
OCPBUGS-2440 - unknown field logs in prometheus-operator
OCPBUGS-2471 - BareMetalHost is available without cleaning if the cleaning attempt fails
OCPBUGS-2479 - Right border radius is 0 for the pipeline visualization wrapper in dark mode
OCPBUGS-2500 - Developer Topology always blanks with large contents when first rendering
OCPBUGS-2513 - Disconnected cluster installation fails with pull secret must contain auth for "registry.ci.openshift.org"
OCPBUGS-2525 - [CI Watcher] Ongoing timeout failures associated with multiple CRD-extensions tests
OCPBUGS-2532 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed
OCPBUGS-2551 - "Error loading" when normal user check operands on All namespaces
OCPBUGS-2569 - ovn-k network policy races
OCPBUGS-2579 - Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization
OCPBUGS-266 - Project Access tab cannot differentiate between users and groups
OCPBUGS-2666 - create a project link not backed by RBAC check
OCPBUGS-272 - Getting duplicate word "find" when kube-apiserver degraded=true if webhook matches a virtual resource
OCPBUGS-2727 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates
OCPBUGS-2729 - should ignore enP.* NICs from node-exporter on Azure cluster
OCPBUGS-2735 - Operand List Page Layout Incorrect on small screen size.
OCPBUGS-2738 - CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ose-baremetal-installer-container: various flaws [openshift-4.13.z]
OCPBUGS-2824 - The dropdown list component will be covered by deployment details page on Topology page
OCPBUGS-2827 - OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods
OCPBUGS-2841 - Need validation rule for supported arch
OCPBUGS-2845 - Unable to use application credentials for Cinder CSI after OpenStack credentials update
OCPBUGS-2847 - GCP XPN should only be available with Tech Preview
OCPBUGS-2851 - [OCI feature] registries.conf support in oc mirror
OCPBUGS-2852 - etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded
OCPBUGS-2868 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster
OCPBUGS-2873 - Prometheus doesn't reload TLS certificate and key files on disk
OCPBUGS-2886 - The LoadBalaner section shouldn't be set when using Kuryr on cloud-provider
OCPBUGS-2891 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener
OCPBUGS-2895 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters
OCPBUGS-2904 - If all the actions are disabled in add page, Details on/off toggle switch to be disabled
OCPBUGS-2907 - provisioning of baremetal nodes fails when using multipath device as rootDeviceHints
OCPBUGS-2921 - br-ex interface not configured makes ovnkube-node Pod to crashloop
OCPBUGS-2922 - 'Status' column sorting doesn't work as expected
OCPBUGS-2926 - Unable to gather OpenStack console logs since kernel cmd line has no console args
OCPBUGS-2934 - Ingress node firewall pod 's events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node
OCPBUGS-2941 - CIRO unable to detect swift when content-type is omitted in 204-responses
OCPBUGS-2946 - [AWS] curl network Loadbalancer always get "Connection time out"
OCPBUGS-2948 - Whereabouts CNI timesout while iterating exclude range
OCPBUGS-2988 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10"
OCPBUGS-2991 - CI jobs are failing with: admission webhook "validation.csi.vsphere.vmware.com" denied the request
OCPBUGS-2992 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations
OCPBUGS-2994 - Keepalived monitor stuck for long period of time on kube-api call while installing
OCPBUGS-2996 - [4.13] Bootimage bump tracker
OCPBUGS-3018 - panic in WaitForBootstrapComplete
OCPBUGS-3021 - GCP: missing me-west1 region
OCPBUGS-3024 - Service list shows undefined:80 when type is ExternalName or LoadBalancer
OCPBUGS-3027 - Metrics are not available when running console in development mode
OCPBUGS-3029 - BareMetalHost CR fails to delete on cluster cleanup
OCPBUGS-3033 - Clicking the logo in the masthead goes to /dashboards, even if metrics are disabled
OCPBUGS-3041 - Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters
OCPBUGS-3069 - Should show information on page if the upgrade to a target version doesn't take effect.
OCPBUGS-3072 - Operator-sdk run bundle with old sqllite index image failed
OCPBUGS-3079 - RPS hook only sets the first queue, but there are now many
OCPBUGS-3085 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage
OCPBUGS-3093 - The control plane should tag AWS security groups at creation
OCPBUGS-3096 - The terraform binaries shipped by the installer are not statically linked
OCPBUGS-3109 - Change text colour for ConsoleNotification that notifies user that the cluster is being
OCPBUGS-3114 - CNO reporting incorrect status
OCPBUGS-3123 - Operator attempts to render both GA and Tech Preview API Extensions
OCPBUGS-3127 - nodeip-configuration retries forever on network failure, blocking ovs-configuration, spamming syslog
OCPBUGS-3168 - Add Capacity button does not exist after upgrade OCP version [OCP4.11->OCP4.12]
OCPBUGS-3172 - Console shouldn't try to install dynamic plugins if permissions aren't available
OCPBUGS-3180 - Regression in ptp-operator conformance tests
OCPBUGS-3186 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install
OCPBUGS-3192 - [4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails
OCPBUGS-3195 - Service-ca controller exits immediately with an error on sigterm
OCPBUGS-3206 - [sdn2ovn] Migration failed in vsphere cluster
OCPBUGS-3207 - SCOS build fails due to pinned kernel
OCPBUGS-3214 - Installer does not always add router CA to kubeconfig
OCPBUGS-3228 - Broken secret created while starting a Pipeline
OCPBUGS-3235 - Topology gets stuck loading
OCPBUGS-3245 - ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update
OCPBUGS-3248 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]
OCPBUGS-3253 - No warning when using wait-for vs. agent wait-for commands
OCPBUGS-3272 - Unhealthy Readiness probe failed message failing CI when ovnkube DBs are still coming up
OCPBUGS-3275 - No-op: Unable to retrieve machine from node "xxx": expecting one machine for node xxx got: []
OCPBUGS-3277 - Install failure in create-cluster-and-infraenv.service
OCPBUGS-3278 - Shouldn't need to put host data in platform baremetal section in installconfig
OCPBUGS-3280 - Install ends in preparing-failed due to container-images-available validation
OCPBUGS-3283 - remove unnecessary RBAC in KCM
OCPBUGS-3292 - DaemonSet "/openshift-network-diagnostics/network-check-target" is not available
OCPBUGS-3314 - 'gitlab.secretReference' disappears when the buildconfig is edited on ?From View?
OCPBUGS-3316 - Branch name should sanitised to match actual github branch name in repository plr list
OCPBUGS-3320 - New master will be created if add duplicated failuredomains in controlplanemachineset
OCPBUGS-3331 - Update dependencies in CMO release 4.13
OCPBUGS-3334 - Console should be using v1 apiVersion for ConsolePlugin model
OCPBUGS-3337 - revert "force cert rotation every couple days for development" in 4.12
OCPBUGS-3338 - Environment cannot find Python
OCPBUGS-3358 - Revert BUILD-407
OCPBUGS-3372 - error message is too generic when creating a silence with end time before start
OCPBUGS-3373 - cluster-monitoring-view user can not list servicemonitors on "Observe -> Targets" page
OCPBUGS-3377 - CephCluster and StorageCluster resources use the same paths
OCPBUGS-3381 - Make ovnkube-trace work on hypershift deployments
OCPBUGS-3382 - Unable to configure cluster-wide proxy
OCPBUGS-3391 - seccomp profile unshare.json missing from nodes
OCPBUGS-3395 - Event Source is visible without even creating knative-eventing and knative-serving.
OCPBUGS-3404 - IngressController.spec.nodePlacement.nodeSelector.matchExpressions does not work
OCPBUGS-3414 - Missing 'ImageContentSourcePolicy' and 'CatalogSource' in the oci fbc feature implementation
OCPBUGS-3424 - Azure Disk CSI Driver Operator gets degraded without "CSISnapshot" capability
OCPBUGS-3426 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
OCPBUGS-3427 - Skip broken [sig-devex][Feature:ImageEcosystem] tests
OCPBUGS-3438 - cloud-network-config-controller not using proxy settings of the management cluster
OCPBUGS-3440 - Authentication operator doesn't respond to console being enabled
OCPBUGS-3441 - Update cluster-authentication-operator not to go degraded without console
OCPBUGS-3444 - [4.13] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters
OCPBUGS-3456 - track rhcos-4.12 branch for fedora-coreos-config submodule
OCPBUGS-3458 - Surface ClusterVersion RetrievedUpdates condition messages
OCPBUGS-3465 - IBM operator needs deployment manifest fixes
OCPBUGS-3473 - Allow listing crio and kernel versions in machine-os components
OCPBUGS-3476 - Show Tag label and tag name if tag is detected in repository PipelineRun list and details page
OCPBUGS-3480 - Baremetal Provisioning fails on HP Gen9 systems due to eTag handling
OCPBUGS-3499 - Route CRD validation behavior must be the same as openshift-apiserver behavior
OCPBUGS-3501 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior
OCPBUGS-3502 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation
OCPBUGS-3508 - masters repeatedly losing connection to API and going NotReady
OCPBUGS-3524 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure
OCPBUGS-3526 - oc fails to extract layers that set xattr on Darwin
OCPBUGS-3539 - [OVN-provider]loadBalancer svc with monitors not working
OCPBUGS-3612 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1
OCPBUGS-3621 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags
OCPBUGS-3648 - Container security operator Image Manifest Vulnerabilities encounters runtime errors under some circumstances
OCPBUGS-3659 - Expose AzureDisk metrics port over HTTPS
OCPBUGS-3662 - don't enforce PSa in 4.12
OCPBUGS-3667 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down
OCPBUGS-3668 - 4.12.0-rc.0 fails to deploy on VMware IPI
OCPBUGS-3676 - After node's reboot some pods fail to start - deleteLogicalPort failed for pod cannot delete GR SNAT for pod
OCPBUGS-3693 - Router e2e: drop template.openshift.io apigroup dependency
OCPBUGS-3709 - Special characters in subject name breaks prefilling role binding form
OCPBUGS-3713 - [vsphere-problem-detector] fully qualified username must be used when checking permissions
OCPBUGS-3714 - 'oc adm upgrade ...' should expose ClusterVersion Failing=True
OCPBUGS-3739 - Pod stuck in containerCreating state when the node on which it is running is Terminated
OCPBUGS-3744 - Egress router POD creation is failing while using openshift-sdn network plugin
OCPBUGS-3755 - Create Alertmanager silence form does not explain the new "Negative matcher" option
OCPBUGS-3761 - Consistent e2e test failure:Events.Events: event view displays created pod
OCPBUGS-3765 - [RFE] Add kernel-rpm-macros to DTK image
OCPBUGS-3771 - contrib/multicluster-environment.sh needs to be updated to work with ACM cluster proxy
OCPBUGS-3776 - Manage columns tooltip remains displayed after dialog is closed
OCPBUGS-3777 - [Dual Stack] ovn-ipsec crashlooping due to cert signing issues
OCPBUGS-3797 - [4.13] Bump OVS control plane to get "ovsdb/transaction.c: Refactor assess_weak_refs."
OCPBUGS-3822 - Cluster-admin cannot know whether operator is fully deleted or not after normal user trigger "Delete CSV"
OCPBUGS-3827 - CCM not able to remove a LB in ERROR state
OCPBUGS-3877 - RouteTargetReference missing default for "weight" in Route CRD v1 schema
OCPBUGS-3880 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator
OCPBUGS-3883 - Hosted ovnkubernetes pods are not being spread among workers evenly
OCPBUGS-3896 - Console nav toggle button reports expanded in both expanded and not expanded states
OCPBUGS-3904 - Delete/Add a failureDomain in CPMS to trigger update cannot work right on GCP
OCPBUGS-3909 - Node is degraded when a machine config deploys a unit with content and mask=true
OCPBUGS-3916 - expr for SDNPodNotReady is wrong due to there is not node label for kube_pod_status_ready
OCPBUGS-3919 - Azure: unable to configure EgressIP if an ASG is set
OCPBUGS-3921 - Openshift-install bootstrap operation cannot find a cloud defined in clouds.yaml in the current directory
OCPBUGS-3923 - [CI] cluster-monitoring-operator produces more watch requests than expected
OCPBUGS-3924 - Remove autoscaling/v2beta2 in 4.12 and later
OCPBUGS-3929 - Use flowcontrol/v1beta2 for apf manifests in 4.13
OCPBUGS-3931 - When all extensions are installed, "libkadm5" rpm package is duplicated in the rpm -q command
OCPBUGS-3933 - Fails to deprovision cluster when swift omits 'content-type'
OCPBUGS-3945 - Handle 0600 kubeconfig
OCPBUGS-3951 - Dynamic plugin extensions disappear from the UI when a codeRef fails to load
OCPBUGS-3960 - Use kernel-rt from ose repo
OCPBUGS-3965 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce
OCPBUGS-3973 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue.
OCPBUGS-3974 - CIRO panics when suspended flag is nil
OCPBUGS-3975 - "Failed to open directory, disabling udev device properties" in node-exporter logs
OCPBUGS-3978 - AWS EBS CSI driver operator is degraded without "CSISnapshot" capability
OCPBUGS-3985 - Allow PSa enforcement in 4.13 by using featuresets
OCPBUGS-3987 - Some nmstate validations are skipped when NM config is in agent-config.yaml
OCPBUGS-3990 - HyperShift control plane operators have wrong priorityClass
OCPBUGS-3993 - egressIP annotation including two interfaces when multiple networks
OCPBUGS-4000 - fix operator naming convention
OCPBUGS-4008 - Console deployment does not roll out when managed cluster configmap is updated
OCPBUGS-4012 - Disabled Serverless add actions should not be displayed in topology menu
OCPBUGS-4026 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed
OCPBUGS-4047 - [CI-Watcher] e2e test flake: Create key/value secrets Validate a key/value secret
OCPBUGS-4049 - MCO reconcile fails if user replace the pull secret to empty one
OCPBUGS-4052 - [ALBO] OpenShift Load Balancer Operator does not properly support cluster wide proxy
OCPBUGS-4054 - cluster-ingress-operator's configurable-route controller's startup is noisy
OCPBUGS-4089 - Kube-State-metrics pod fails to start due to panic
OCPBUGS-4090 - OCP on OSP - Image registry is deployed with cinder instead of swift storage backend
OCPBUGS-4101 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting
OCPBUGS-4110 - Form footer buttons are misaligned in web terminal form
OCPBUGS-4119 - Random SYN drops in OVS bridges of OVN-Kubernetes
OCPBUGS-4166 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
OCPBUGS-4168 - Prometheus continuously restarts due to slow WAL replay
OCPBUGS-4173 - vsphere-problem-detector should re-check passwords after change
OCPBUGS-4181 - Prometheus and Alertmanager incorrect ExternalURL configured
OCPBUGS-4184 - Use mTLS authentication for all monitoring components instead of bearer token
OCPBUGS-4203 - Unnecessary padding around alert atop debug pod terminal
OCPBUGS-4206 - getContainerStateValue contains incorrectly internationalized text
OCPBUGS-4207 - Remove debug level logging on openshift-config-operator
OCPBUGS-4219 - Add runbook link to PrometheusRuleFailures
OCPBUGS-4225 - [4.13] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450
OCPBUGS-4232 - CNCC: Wrong log format for Azure locking
OCPBUGS-4245 - L2 does not work if a metallb is not able to listen to arp requests on a single interface
OCPBUGS-4252 - Node Terminal tab results in error
OCPBUGS-4253 - Add PodNetworkConnectivityCheck for must-gather
OCPBUGS-4266 - crio.service should use a more safe restart policy to provide recoverability against concurrency issues
OCPBUGS-4279 - Custom Victory-Core components in monitoring ui code causing build issues
OCPBUGS-4280 - Return 0 when oc import-image failed
OCPBUGS-4282 - [IR-269]Can't pull sub-manifest image using imagestream of manifest list
OCPBUGS-4291 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore.
OCPBUGS-4293 - Specify resources.requests for operator pod
OCPBUGS-4298 - Specify resources.requests for operator pod
OCPBUGS-4302 - Specify resources.requests for operator pod
OCPBUGS-4305 - [4.13] Improve ironic logging configuration in metal3
OCPBUGS-4317 - [IBM][4.13][Snapshot] restore size in snapshot is not the same size of pvc request size
OCPBUGS-4328 - Update installer images to be consistent with ART
OCPBUGS-434 - After FIPS enabled in S390X, ingress controller in degraded state
OCPBUGS-4343 - Use flowcontrol/v1beta3 for apf manifests in 4.13
OCPBUGS-4347 - set TLS cipher suites in Kube RBAC sidecars
OCPBUGS-4350 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely
OCPBUGS-4352 - [RHOCP] HPA shows different API versions in web console
OCPBUGS-4357 - Bump samples operator k8s dep to 1.25.2
OCPBUGS-4359 - cluster-dns-operator corrupts /etc/hosts when fs full
OCPBUGS-4367 - Debug log messages missing from output and Info messages malformed
OCPBUGS-4377 - Service name search ability while creating the Route from console
OCPBUGS-4401 - limit cluster-policy-controller RBAC permissions
OCPBUGS-4411 - ovnkube node pod crashed after converting to a dual-stack cluster network
OCPBUGS-4417 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not
OCPBUGS-4425 - Egress FW ACL rules are invalid in dualstack mode
OCPBUGS-4447 - [MetalLB Operator] The CSV needs an update to reflect the correct version of operator
OCPBUGS-446 - Cannot Add a project from DevConsole in airgap mode using git importing
OCPBUGS-4483 - apply retry logic to ovnk-node controllers
OCPBUGS-4490 - hypershift: csi-snapshot-controller uses wrong kubeconfig
OCPBUGS-4491 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig
OCPBUGS-4492 - [4.13] The property TransferProtocolType is required for VirtualMedia.InsertMedia
OCPBUGS-4502 - [4.13] [OVNK] Add support for service session affinity timeout
OCPBUGS-4516 - oc-mirror does not work as expected relative path for OCI format copy
OCPBUGS-4517 - Better to detail the --command-os of mac for oc adm release extract command
OCPBUGS-4521 - all kubelet targets are down after a few hours
OCPBUGS-4524 - Hold lock when deleting completed pod during update event
OCPBUGS-4525 - Don't log in iterateRetryResources when there are no retry entries
OCPBUGS-4535 - There is no 4.13 gcp-filestore-csi-driver-operator version for test
OCPBUGS-4536 - Image registry panics while deploying OCP in eu-south-2 AWS region
OCPBUGS-4537 - Image registry panics while deploying OCP in eu-central-2 AWS region
OCPBUGS-4538 - Image registry panics while deploying OCP in ap-south-2 AWS region
OCPBUGS-4541 - Azure: remove deprecated ADAL
OCPBUGS-4546 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]
OCPBUGS-4549 - Azure: replace deprecated AD Graph API
OCPBUGS-4550 - [CI] console-operator produces more watch requests than expected
OCPBUGS-4571 - The operator recommended namespace is incorrect after change installation mode to "A specific namespace on the cluster"
OCPBUGS-4574 - Machine stuck in no phase when creating in a nonexistent zone and stuck in Deleting when deleting on GCP
OCPBUGS-463 - OVN-Kubernetes should not send IPs with leading zeros to OVN
OCPBUGS-4630 - Bump documentationBaseURL to 4.13
OCPBUGS-4635 - [OCP 4.13] ironic container images have old packages
OCPBUGS-4638 - Support RHOBS monitoring for HyperShift in CNO
OCPBUGS-4652 - Fixes for RHCOS 9 based on RHEL 9.0
OCPBUGS-4654 - Azure: UPI: Fix storage arm template to work with Galleries and MAO
OCPBUGS-4659 - Network Policy executes duplicate transactions for every pod update
OCPBUGS-4684 - In DeploymentConfig both the Form view and Yaml view are not in sync
OCPBUGS-4689 - SNO not able to bring up Provisioning resource in 4.11.17
OCPBUGS-4691 - Topology sidebar actions doesn't show the latest resource data
OCPBUGS-4692 - PTP operator: Use priority class node critical
OCPBUGS-4700 - read-only update UX: confusing "Update blocked" pop-up
OCPBUGS-4701 - read-only update UX: confusing "Control plane is hosted" banner
OCPBUGS-4703 - Router can migrate to use LivenessProbe.TerminationGracePeriodSeconds
OCPBUGS-4712 - ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged
OCPBUGS-4724 - [4.13] egressIP annotations not present on OpenShift on Openstack multiAZ installation
OCPBUGS-4725 - mapi_machinehealthcheck_short_circuit not properly reconciling causing MachineHealthCheckUnterminatedShortCircuit alert to fire
OCPBUGS-4746 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS
OCPBUGS-4756 - OLM generates invalid component selector labels
OCPBUGS-4757 - Revert Catalog PSA decisions for 4.13 (OLM)
OCPBUGS-4758 - Revert Catalog PSA decisions for 4.13 (Marketplace)
OCPBUGS-4769 - Old AWS boot images vs. 4.12: unknown provider 'ec2'
OCPBUGS-4780 - Update openshift/builder release-4.13 to go1.19
OCPBUGS-4781 - Get Helm Release seems to be using List Releases api
OCPBUGS-4793 - CMO may generate Kubernetes events with a wrong object reference
OCPBUGS-4802 - Update formatting with gofmt for go1.19
OCPBUGS-4825 - Pods completed + deleted may leak
OCPBUGS-4827 - Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1
OCPBUGS-4873 - openshift-marketplace namespace missing "audit-version" and "warn-version" PSA label
OCPBUGS-4874 - Baremetal host data is still sometimes required
OCPBUGS-4883 - Default Git type to other info alert should get remove after changing the git type
OCPBUGS-4894 - Disabled Serverless add actions should not be displayed for Knative Service
OCPBUGS-4899 - coreos-installer output not available in the logs
OCPBUGS-4900 - Volume limits test broken on AWS and GCP TechPreview clusters
OCPBUGS-4906 - Cross-namespace template processing is not being tested
OCPBUGS-4909 - Can't reach own service when egress netpol are enabled
OCPBUGS-4913 - Need to wait longer for VM to obtain IP from DHCP
OCPBUGS-4941 - Fails to deprovision cluster when swift omits 'content-type' and there are empty containers
OCPBUGS-4950 - OLM K8s Dependencies should be at 1.25
OCPBUGS-4954 - [IBMCloud] COS Reclamation prevents ResourceGroup cleanup
OCPBUGS-4955 - Bundle Unpacker Using "Always" ImagePullPolicy for digests
OCPBUGS-4969 - ROSA Machinepool EgressIP Labels Not Discovered
OCPBUGS-4975 - Missing translation in ceph storage plugin
OCPBUGS-4986 - precondition: Do not claim warnings would have blocked
OCPBUGS-4997 - Agent ISO does not respect proxy settings
OCPBUGS-5001 - MachineConfigControllerPausedPoolKubeletCA should have a working runbook URI
OCPBUGS-501 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver
OCPBUGS-5010 - Should always delete the must-gather pod when run the must-gather
OCPBUGS-5016 - Editing Pipeline in the ocp console to get information error
OCPBUGS-5018 - Upgrade from 4.11 to 4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists.
OCPBUGS-5036 - Cloud Controller Managers do not react to changes in configuration leading to assorted errors
OCPBUGS-5045 - unit test data race with egress ip tests
OCPBUGS-5068 - [4.13] virtual media provisioning fails when iLO Ironic driver is used
OCPBUGS-5073 - Connection reset by peer issue with SSL OAuth Proxy when route objects are created more than 80.
OCPBUGS-5079 - [CI Watcher] pull-ci-openshift-console-master-e2e-gcp-console jobs: Process did not finish before 4h0m0s timeout
OCPBUGS-5085 - Should only show the selected catalog when after apply the ICSP and catalogsource
OCPBUGS-5101 - [GCP] [capi] Deletion of cluster is happening , it shouldn't be allowed
OCPBUGS-5116 - machine.openshift.io API is not supported in Machine API webhooks
OCPBUGS-512 - Permission denied when write data to mounted gcp filestore volume instance
OCPBUGS-5124 - kubernetes-nmstate does not pass CVP tests in 4.12
OCPBUGS-5136 - provisioning on ilo4-virtualmedia BMC driver fails with error: "Creating vfat image failed: Unexpected error while running command"
OCPBUGS-5140 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s
OCPBUGS-5151 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install
OCPBUGS-5164 - Add support for API version v1beta1 for knativeServing and knativeEventing
OCPBUGS-5165 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX
OCPBUGS-5182 - [azure] Fail to create master node with vm size in family ECIADSv5 and ECIASv5
OCPBUGS-5184 - [azure] Fail to create master node with vm size in standardNVSv4Family
OCPBUGS-5188 - Wrong message in MCCDrainError alert
OCPBUGS-5234 - [azure] Azure Stack Hub (wwt) UPI installation failed to scale up worker nodes using machinesets
OCPBUGS-5235 - mapi_instance_create_failed metric cannot work when set acceleratedNetworking: true on Azure
OCPBUGS-5269 - remove unnecessary RBAC in KCM: file removal
OCPBUGS-5275 - remove unnecessary RBAC in OCM
OCPBUGS-5287 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail
OCPBUGS-5292 - Multus: Interface name contains an invalid character / [ocp 4.13]
OCPBUGS-5300 - WriteRequestBodies audit profile records routes/status events at RequestResponse level
OCPBUGS-5306 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network
OCPBUGS-5346 - Reported vSphere Connection status is misleading
OCPBUGS-5347 - Clusteroperator Available condition is updated every 2 mins when operator is disabled
OCPBUGS-5353 - Dashboard graph should not be stacked - Kubernetes / Compute Resources / Pod Dashboard
OCPBUGS-5410 - [AWS-EBS-CSI-Driver] provision volume using customer kms key couldn't restore its snapshot successfully
OCPBUGS-5423 - openshift-marketplace pods cause PodSecurityViolation alert to fire
OCPBUGS-5428 - Many plugin SDK extension docs are missing descriptions
OCPBUGS-5432 - Downstream Operator-SDK v1.25.1 to OCP 4.13
OCPBUGS-5458 - wal: max entry size limit exceeded
OCPBUGS-5465 - Context Deadline exceeded when PTP service is disabled from the switch
OCPBUGS-5466 - Default CatalogSource aren't always reverted to default settings
OCPBUGS-5492 - CI "[Feature:bond] should create a pod with bond interface" fail for MTU migration jobs
OCPBUGS-5497 - MCDRebootError alarm disappears after 15 minutes
OCPBUGS-5498 - Host inventory quick start for OCP
OCPBUGS-5505 - Upgradeability check is throttled too much and with unnecessary non-determinism
OCPBUGS-5508 - Report topology usage in vSphere environment via telemetry
OCPBUGS-5517 - [Azure/ARO] Update Azure SDK to v63.1.0+incompatible
OCPBUGS-5520 - MCDPivotError alert fires due temporary transient failures
OCPBUGS-5523 - Catalog, fatal error: concurrent map read and map write
OCPBUGS-5524 - Disable vsphere intree tests that exercise multiple tests
OCPBUGS-5534 - [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn't appear after ODF upgrade resulting in dashboard crash
OCPBUGS-5540 - Typo in WTO for Milliseconds
OCPBUGS-5542 - Project dropdown order is not as smart as project list page order
OCPBUGS-5546 - Machine API Provider Azure should not modify the Machine spec
OCPBUGS-5547 - Webhook Secret (1 of 2) is not removed when Knative Service is deleted
OCPBUGS-5559 - add default noProxy config for Azure
OCPBUGS-5733 - [Openshift Pipelines] Description of parameters are not shown in pipelinerun description page
OCPBUGS-5734 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public
OCPBUGS-5736 - The main section of the page will keep loading after normal user login
OCPBUGS-5759 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled
OCPBUGS-5802 - update sprig to v3 in cno
OCPBUGS-5836 - Incorrect redirection when user try to download windows oc binary
OCPBUGS-5842 - executes /host/usr/bin/oc
OCPBUGS-5851 - [CI-Watcher]: Using OLM descriptor components deletes operand
OCPBUGS-5873 - etcd_object_counts is deprecated and replaced with apiserver_storage_objects, causing "etcd Object Count" dashboard to only show OpenShift resources
OCPBUGS-5888 - Failed to install 4.13 ocp on SNO with "error during syncRequiredMachineConfigPools"
OCPBUGS-5891 - oc-mirror heads-only does not work with target name
OCPBUGS-5903 - gather default ingress controller definition
OCPBUGS-5922 - [2047299 Jira placeholder] nodeport not reachable port connection timeout
OCPBUGS-5939 - revert "force cert rotation every couple days for development" in 4.13
OCPBUGS-5948 - Runtime error using API Explorer with AdmissionReview resource
OCPBUGS-5949 - oc --icsp mapping scope does not match openshift icsp mapping scope
OCPBUGS-5959 - [4.13] Bootimage bump tracker
OCPBUGS-5988 - Degraded etcd on assisted-installer installation- bootstrap etcd is not removed properly
OCPBUGS-5991 - Kube APIServer panics in admission controller
OCPBUGS-5997 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered
OCPBUGS-6004 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10"
OCPBUGS-6011 - openshift-client package has wrong version of kubectl bundled
OCPBUGS-6018 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades
OCPBUGS-6026 - cannot change /etc folder ownership inside pod
OCPBUGS-6033 - metallb 4.12.0-202301042354 (OCP 4.12) refers to external image
OCPBUGS-6049 - Do not show UpdateInProgress when status is Failing
OCPBUGS-6053 - availableUpdates: null results in run-time error on Cluster Settings page
OCPBUGS-6055 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41
OCPBUGS-6063 - PVs(vmdk) get deleted when scaling down machineSet with vSphere IPI
OCPBUGS-6089 - Unnecessary event reprocessing
OCPBUGS-6092 - ovs-configuration.service fails - Error: Connection activation failed: No suitable device found for this connection
OCPBUGS-6097 - CVO hotloops on ImageStream and logs the information incorrectly
OCPBUGS-6098 - Show Git icon and URL in repository link in PLR details page should be based on the git provider
OCPBUGS-6101 - Daemonset is not upgraded after operator upgrade
OCPBUGS-6175 - Image registry Operator does not use Proxy when connecting to openstack
OCPBUGS-6185 - Update 4.13 ose-cluster-config-operator image to be consistent with ART
OCPBUGS-6187 - Update 4.13 openshift-state-metrics image to be consistent with ART
OCPBUGS-6189 - Update 4.13 ose-cluster-authentication-operator image to be consistent with ART
OCPBUGS-6191 - Update 4.13 ose-network-metrics-daemon image to be consistent with ART
OCPBUGS-6197 - Update 4.13 ose-openshift-apiserver image to be consistent with ART
OCPBUGS-6201 - Update 4.13 openshift-enterprise-pod image to be consistent with ART
OCPBUGS-6202 - Update 4.13 ose-cluster-kube-apiserver-operator image to be consistent with ART
OCPBUGS-6213 - Update 4.13 ose-machine-config-operator image to be consistent with ART
OCPBUGS-6222 - Update 4.13 ose-alibaba-cloud-csi-driver image to be consistent with ART
OCPBUGS-6228 - Update 4.13 coredns image to be consistent with ART
OCPBUGS-6231 - Update 4.13 ose-kube-storage-version-migrator image to be consistent with ART
OCPBUGS-6232 - Update 4.13 marketplace-operator image to be consistent with ART
OCPBUGS-6233 - Update 4.13 ose-cluster-openshift-apiserver-operator image to be consistent with ART
OCPBUGS-6234 - Update 4.13 ose-cluster-bootstrap image to be consistent with ART
OCPBUGS-6235 - Update 4.13 cluster-network-operator image to be consistent with ART
OCPBUGS-6238 - Update 4.13 oauth-server image to be consistent with ART
OCPBUGS-6240 - Update 4.13 ose-cluster-kube-storage-version-migrator-operator image to be consistent with ART
OCPBUGS-6241 - Update 4.13 operator-lifecycle-manager image to be consistent with ART
OCPBUGS-6247 - Update 4.13 ose-cluster-ingress-operator image to be consistent with ART
OCPBUGS-6262 - Add more logs to "oc extract" in mco-first boot service
OCPBUGS-6265 - When installing SNO with bootstrap in place it takes CVO 6 minutes to acquire the leader lease
OCPBUGS-6270 - Irrelevant vsphere platform data is required
OCPBUGS-6272 - E2E tests: Entire pipeline flow from Builder page Start the pipeline with workspace
OCPBUGS-631 - machineconfig service is failed to start because Podman storage gets corrupted
OCPBUGS-6486 - Image upload fails when installing cluster
OCPBUGS-6503 - admin ack test nondeterministically does a check post-upgrade
OCPBUGS-6504 - IPI Baremetal Master Node in DualStack getting fd69:: address randomly, OVN CrashLoopBackOff
OCPBUGS-6507 - Don't retry network policy peer pods if ips couldn't be fetched
OCPBUGS-6577 - Node-exporter NodeFilesystemAlmostOutOfSpace alert exception needed
OCPBUGS-6610 - Developer - Topology : 'Filter by resource' drop-down i18n misses
OCPBUGS-6621 - Image registry panics while deploying OCP in ap-southeast-4 AWS region
OCPBUGS-6624 - Issue deploying the master node with IPI
OCPBUGS-6634 - Let the console able to build on other architectures and compatible with prow builds
OCPBUGS-6646 - Ingress node firewall CI is broken with latest
OCPBUGS-6647 - User Preferences - Applications : Resource type drop-down i18n misses
OCPBUGS-6651 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy
OCPBUGS-6660 - Uninstall Operator? modal instructions always reference optional checkbox
OCPBUGS-6663 - Platform baremetal warnings during create image when fields not defined
OCPBUGS-6682 - [OVN] ovs-configuration vSphere vmxnet3 allmulti workaround is now permanent
OCPBUGS-6698 - Fix conflict error message in cluster-ingress-operator's ensureNodePortService
OCPBUGS-6700 - Cluster-ingress-operator's updateIngressClass function logs success message when error
OCPBUGS-6701 - The ingress-operator spuriously updates ingressClass on startup
OCPBUGS-6714 - Traffic from egress IPs was interrupted after Cluster patch to Openshift 4.10.46
OCPBUGS-672 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes
OCPBUGS-6722 - s390x: failed to generate asset "Image": multiple "disk" artifacts found
OCPBUGS-6730 - Pod latency spikes are observed when there is a compaction/leadership transfer
OCPBUGS-6731 - Gathered Environment variables (HTTP_PROXY/HTTPS_PROXY) may contain sensible information and should be obfuscated
OCPBUGS-6741 - opm fails to serve FBC if cachedir not provided
OCPBUGS-6757 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column
OCPBUGS-6760 - Couldn't update/delete cpms on gcp private cluster
OCPBUGS-6762 - Enhance the user experience for the name-filter-input on Metrics target page
OCPBUGS-6765 - "Delete dependent objects of this resource" might cause confusions
OCPBUGS-6777 - [gcp][CORS-1988] "create manifests" without an existing "install-config.yaml" missing 4 YAML files in "
OCPBUGS-7421 - Missing i18n key for PAC section in Git import form
OCPBUGS-7424 - Bump cluster-ingress-operator to k8s APIs v0.26.1
OCPBUGS-7427 - dynamic-demo-plugin.spec.ts requires 10 minutes of unnecessary wait time
OCPBUGS-7438 - Egress service does not handle invalid nodeSelectors correctly
OCPBUGS-7482 - Fix handling of single failure-domain (non-tagged) deployments in vsphere
OCPBUGS-7483 - Hypershift installs on "platform: none" are broken
OCPBUGS-7488 - test flake: should not reconcile SC when state is Unmanaged
OCPBUGS-7495 - Platform type is ignored
OCPBUGS-7517 - Helm page crashes on old releases with a new Secret
OCPBUGS-7519 - NFS Storage Tests trigger Kernel Panic on Azure and Metal
OCPBUGS-7523 - Add new AWS regions for ROSA
OCPBUGS-7542 - Bump router to k8s APIs v0.26.1
OCPBUGS-7555 - Enable default sysctls for kubelet
OCPBUGS-7558 - Rebase coredns to 1.10.1
OCPBUGS-7563 - vSphere install can't complete with out-of-tree CCM
OCPBUGS-7579 - [azure] failed to parse client certificate when using certificate-based Service Principal with passpharse
OCPBUGS-7611 - PTPOperator config transportHost with AMQ is not detected
OCPBUGS-7616 - vSphere multiple in-tree test failures (non-zonal)
OCPBUGS-7617 - Azure Disk volume is taking time to attach/detach
OCPBUGS-7622 - vSphere UPI jobs failing with 'Managed cluster should have machine resources'
OCPBUGS-7648 - Bump cluster-dns-operator to k8s APIs v0.26.1
OCPBUGS-7689 - Project Admin is able to Label project with empty string in RHOCP 4
OCPBUGS-7696 - [ Azure ]not able to deploy machine with publicIp:true
OCPBUGS-7707 - /etc/NetworkManager/dispatcher.d needs to be relabeled during pivot from 8.6 to 9.2
OCPBUGS-7719 - Update to 4.13.0-ec.3 stuck on leaked MachineConfig
OCPBUGS-7729 - Remove ETCD liviness probe.
OCPBUGS-7731 - Need to cancel threads when agent-tui timeout is stopped
OCPBUGS-7733 - Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2
OCPBUGS-7743 - SNO upgrade from 4.12 to 4.13 rhel9.2 is broken cause of dnsmasq default config
OCPBUGS-7750 - fix gofmt check issue in network-metrics-daemon
OCPBUGS-7754 - ART having trouble building olm images
OCPBUGS-7774 - RawCNIConfig is printed in byte representation on failure, not human readable
OCPBUGS-7785 - migrate to using Lease for leader election
OCPBUGS-7806 - add "nfs-export" under PV details page
OCPBUGS-7809 - sg3_utils package is missing in the assisted-installer-agent Docker file
OCPBUGS-781 - ironic-proxy is using a deprecated field to fetch cluster VIP
OCPBUGS-7833 - Storage tests failing in no-capabilities job
OCPBUGS-7837 - hypershift: aws-ebs-csi-driver-operator uses guest cluster proxy causing PV provisioning failure
OCPBUGS-7860 - [azure] message is unclear when missing clientCertificatePassword in osServicePrincipal.json
OCPBUGS-7876 - [Descheduler] Enabling LifeCycleUtilization to test namespace filtering does not work
OCPBUGS-7879 - Devfile isn't be processed correctly on 'Add from git repo'
OCPBUGS-7896 - MCO should not add keepalived pod manifests in case of VSPHERE UPI
OCPBUGS-7899 - ODF Monitor pods failing to be bounded because timeout issue with thin-csi SC
OCPBUGS-7903 - Pool degraded with error: rpm-ostree kargs: signal: terminated
OCPBUGS-7909 - Baremetal runtime prepender creates /etc/resolv.conf mode 0600 and bad selinux context
OCPBUGS-794 - OLM version rule is not clear
OCPBUGS-7940 - apiserver panics in admission controller
OCPBUGS-7943 - AzureFile CSI driver does not compile with cachito
OCPBUGS-7970 - [E2E] Always close the filter dropdown in listPage.filter.by
OCPBUGS-799 - Reply packet for DNS conversation to service IP uses pod IP as source
OCPBUGS-8066 - Create Serverless Function form breaks if Pipeline Operator is not installed
OCPBUGS-8086 - Visual issues with listing items
OCPBUGS-8243 - [release 4.13] Gather Monitoring pods' Persistent Volumes
OCPBUGS-8308 - Bump openshift/kubernetes to 1.26.2
OCPBUGS-8312 - IPI on Power VS clusters cannot deploy MCO
OCPBUGS-8326 - Azure cloud provider should use Kubernetes 1.26 dependencies
OCPBUGS-8341 - Unable to set capabilities with agent installer based installation
OCPBUGS-8342 - create cluster-manifests fails when imageContentSources is missing
OCPBUGS-8353 - PXE support is incomplete
OCPBUGS-8381 - Console shows x509 error when requesting token from oauth endpoint
OCPBUGS-8401 - Bump openshift/origin to kube 1.26.2
OCPBUGS-8424 - ControlPlaneMachineSet: Machine's Node should be Ready to consider the Machine Ready
OCPBUGS-8445 - cgroups default setting in OCP 4.13 generates extra MachineConfig
OCPBUGS-8463 - OpenStack Failure domains as 4.13 TechPreview
OCPBUGS-8471 - [4.13] egress firewall only createas 1 acl for long namespace names
OCPBUGS-8475 - TestBoundTokenSignerController causes unrecoverable disruption in e2e-gcp-operator CI job
OCPBUGS-8481 - CAPI rebases 4.13 backports
OCPBUGS-8490 - agent-tui: display additional checks only when primary check fails
OCPBUGS-8498 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets
OCPBUGS-8505 - [4.13] egress firewall acls are deleted on restart
OCPBUGS-8511 - [4.13+ ONLY] Don't use port 80 in bootstrap IPI bare metal
OCPBUGS-855 - When setting allowedRegistries urls the openshift-samples operator is degraded
OCPBUGS-859 - monitor not working with UDP lb when externalTrafficPolicy: Local
OCPBUGS-860 - CSR are generated with incorrect Subject Alternate Names
OCPBUGS-8699 - Metal IPI Install Rate Below 90%
OCPBUGS-8701 - oc patch project not working with OCP 4.12
OCPBUGS-8702 - OKD SCOS: remove workaround for rpm-ostree auth
OCPBUGS-8703 - fails to switch to kernel-rt with rhel 9.2
OCPBUGS-8710 - [4.13] don't enforce PSa in 4.13
OCPBUGS-8712 - AES-GCM encryption at rest is not supported by kube-apiserver-operator
OCPBUGS-8719 - Allow the user to scroll the content of the agent-tui details view
OCPBUGS-8741 - [4.13] Pods in same deployment will have different ability to query services in same namespace from one another; ocp 4.10
OCPBUGS-8742 - Origin tests should not specify readyz as the health check path
OCPBUGS-881 - fail to create install-config.yaml as apiVIP and ingressVIP are not in machine networks
OCPBUGS-8941 - Introduce tooltips for contextual information
OCPBUGS-904 - Alerts from MCO are missing namespace
OCPBUGS-9079 - ICMP fragmentation needed sent to pods behind a service don't seem to reach the pods
OCPBUGS-91 - [ExtDNS] New TXT record breaks downward compatibility by retroactively limiting record length
OCPBUGS-9132 - WebSCale: ovn logical router polices incorrect/l3 gw config not updated after IP change
OCPBUGS-9185 - Pod latency spikes are observed when there is a compaction/leadership transfer
OCPBUGS-9233 - ConsoleQuickStart {{copy}} and {{execute}} features do not work in some cases
OCPBUGS-931 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs
OCPBUGS-9338 - editor toggle radio input doesn't have distinguishable attributes
OCPBUGS-9389 - Detach code in vsphere csi driver is failing
OCPBUGS-948 - OLM sets invalid SCC label on its namespaces
OCPBUGS-95 - NMstate removes egressip in OpenShift cluster with SDN plugin
OCPBUGS-9913 - bacport tests for PDBUnhealthyPodEvictionPolicy as Tech Preview
OCPBUGS-9924 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag
OCPBUGS-9926 - Enable node healthz server for ovnk in CNO
OCPBUGS-9951 - fails to reconcile to RT kernel on interrupted updates
OCPBUGS-9957 - Garbage collect grafana-dashboard-etcd
OCPBUGS-996 - Control Plane Machine Set Operator OnDelete update should cause an error when more than one machine is ready in an index
OCPBUGS-9963 - Better to change the error information more clearly to help understand
OCPBUGS-9968 - Operands running management side missing affinity, tolerations, node selector and priority rules than the operator
- References:
https://access.redhat.com/security/cve/CVE-2021-4235 https://access.redhat.com/security/cve/CVE-2021-4238 https://access.redhat.com/security/cve/CVE-2021-20329 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-43519 https://access.redhat.com/security/cve/CVE-2021-44964 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1587 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2990 https://access.redhat.com/security/cve/CVE-2022-3080 https://access.redhat.com/security/cve/CVE-2022-3259 https://access.redhat.com/security/cve/CVE-2022-4203 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-23525 https://access.redhat.com/security/cve/CVE-2022-23526 https://access.redhat.com/security/cve/CVE-2022-26280 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-38023 https://access.redhat.com/security/cve/CVE-2022-38177 https://access.redhat.com/security/cve/CVE-2022-38178 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-41316 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41721 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2022-41724 https://access.redhat.com/security/cve/CVE-2022-41725 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-42919 https://access.redhat.com/security/cve/CVE-2022-46146 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2023-0056 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0216 https://access.redhat.com/security/cve/CVE-2023-0217 https://access.redhat.com/security/cve/CVE-2023-0229 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-0401 https://access.redhat.com/security/cve/CVE-2023-0620 https://access.redhat.com/security/cve/CVE-2023-0665 https://access.redhat.com/security/cve/CVE-2023-0778 https://access.redhat.com/security/cve/CVE-2023-25000 https://access.redhat.com/security/cve/CVE-2023-25165 https://access.redhat.com/security/cve/CVE-2023-25173 https://access.redhat.com/security/cve/CVE-2023-25577 https://access.redhat.com/security/cve/CVE-2023-25725 https://access.redhat.com/security/cve/CVE-2023-25809 https://access.redhat.com/security/cve/CVE-2023-27561 https://access.redhat.com/security/cve/CVE-2023-28642 https://access.redhat.com/security/cve/CVE-2023-30570 https://access.redhat.com/security/cve/CVE-2023-30841 https://access.redhat.com/security/updates/classification/#important https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGVrhNzjgjWX9erEAQjD7BAAihZ8nlrasEU8QISGjHMUkUXKPHgV6LlZ IT2h0MLam8ICSCDdZ8PUVXhWP+CTTIYYdpEPTaIdKdB16iecRXm2ML8GtQ38zSjC LpCB4NUmAdoH91FbT2oazgrCgg+2hizfufLYk/8nNm9yVR0zT5kZbuXMFZH/PbCb dYYyRsXsNt4+MpaWGf1q3jS7OX8l5UXbfO+nnKHWoow5/PeclygxFbRclr7o62Dy tnfgs+OwbroI6L0nohsUTk4Es1koyD8FaGdo28ViLcgVH1VDhBqzHXSAe1P+XmAc PSG6slSRIrgJpARfN8OEI89wfI+ttyqEi4yAdoKjCo/pbshhLw3JZQcavmQc8XEK o1afTtx0XFHJsAdZRjvq+7zExqnDANRLbtkkYG2gYuc8LgGmh6P0ZlhxQFMS3f/T cTLSLaP6XSnHQaJyc0kqULHcWBZRzepcIDPYkmTCbCVCwLjXuIoF6eMQvo7eRXCy 4qN3nT0+M90jWxf/uQzo9NpeWFB7y2cccHMvaPzZ8cAAxpwM3Rphutu9lzRfJCl8 TMincIMIFq3vLmrfxHX5YOKfgH/Kjc06TbtnzxtucFQVNFxyKIWKgJB/hl1mGDTJ 8cibppoX+mLmUirPuu+5JwaAmq7skX5HKX3r3t8sajmij17nS2Ff8q52ZLgdZQ6H XbiJN3SZj5U= =WGO2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security fixes:
- moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
- vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fixes:
-
Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)
-
OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)
-
subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)
-
Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)
-
Submariner addon status doesn't track all deployment failures (BZ# 2090311)
-
Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)
-
After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)
-
Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)
-
Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)
-
Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)
-
managed cluster is in "unknown" state for 120 mins after OADP restore
-
RHACM 2.5.2 images (BZ# 2104553)
-
Subscription UI does not allow binding to label with empty value (BZ# 2104961)
-
Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)
-
Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)
-
cluster uninstall log points to incorrect container name (BZ# 2107359)
-
ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)
-
Single node checkbox not visible for 4.11 images (BZ# 2109134)
-
Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)
-
Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)
-
After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)
-
pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)
-
ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)
-
Bugs fixed (https://bugzilla.redhat.com/):
2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-2059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.0.5023"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
}
],
"trust": 0.8
},
"cve": "CVE-2022-1897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1897",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423551",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1897",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1897",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1897",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1897",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1897",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-423551",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Solution:\n\nThe OpenShift Service Mesh Release Notes provide information on the\nfeatures and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1105 - IOR doesn\u0027t support a host with namespace/ prefix\nOSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start\nOSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing\nOSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace\nOSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes\nOSSM-1800 - IOR should copy labels from Gateway to Route\nOSSM-1805 - Reconcile SMCP when Kiali is not available\nOSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER\nOSSM-1868 - Container release for Maistra 2.2.2\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Summary:\n\nOpenShift sandboxed containers 1.3.1 is now available. Description:\n\nOpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nKATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1]\nKATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1]\nKATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator\nKATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nVim (Vi IMproved) is an updated and improved version of the vi editor. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Summary:\n\nThis is an updated release of the Self Node Remediation Operator. The Self\nNode Remediation Operator replaces the Poison Pill Operator, and is\ndelivered by Red Hat Workload Availability. Description:\n\nThe Self Node Remediation Operator works in conjunction with the Machine\nHealth Check or the Node Health Check Operators to provide automatic\nremediation of unhealthy nodes by rebooting them. This minimizes downtime\nfor stateful applications and RWO volumes, as well as restoring compute\ncapacity in the event of transient failures. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* github.com/Masterminds/vcs: Command Injection via argument injection\n(CVE-2022-21235)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. Bugs fixed (https://bugzilla.redhat.com/):\n\n2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection\n\n5. JIRA issues fixed (https://issues.redhat.com/):\n\nOCPBUGS-15446 - (release-4.11) gather \"gateway-mode-config\" config map from \"openshift-network-operator\" namespace\nOCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading \u0027apiGroup\u0027)\nOCPBUGS-15645 - Can\u0027t use git lfs in BuildConfig git source with strategy Docker\nOCPBUGS-15739 - Environment cannot find Python\nOCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions\nOCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get \"https://registry.centos.org/v2/\": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host\nOCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.13.0 security update\nAdvisory ID: RHSA-2023:1326-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:1326\nIssue date: 2023-05-17\nCVE Names: CVE-2021-4235 CVE-2021-4238 CVE-2021-20329 \n CVE-2021-38561 CVE-2021-43519 CVE-2021-44964 \n CVE-2022-1271 CVE-2022-1586 CVE-2022-1587 \n CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 \n CVE-2022-2509 CVE-2022-2990 CVE-2022-3080 \n CVE-2022-3259 CVE-2022-4203 CVE-2022-4304 \n CVE-2022-4450 CVE-2022-21698 CVE-2022-23525 \n CVE-2022-23526 CVE-2022-26280 CVE-2022-27191 \n CVE-2022-29154 CVE-2022-29824 CVE-2022-34903 \n CVE-2022-38023 CVE-2022-38177 CVE-2022-38178 \n CVE-2022-40674 CVE-2022-41316 CVE-2022-41717 \n CVE-2022-41721 CVE-2022-41723 CVE-2022-41724 \n CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 \n CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 \n CVE-2022-46146 CVE-2022-47629 CVE-2023-0056 \n CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 \n CVE-2023-0229 CVE-2023-0286 CVE-2023-0361 \n CVE-2023-0401 CVE-2023-0620 CVE-2023-0665 \n CVE-2023-0778 CVE-2023-25000 CVE-2023-25165 \n CVE-2023-25173 CVE-2023-25577 CVE-2023-25725 \n CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 \n CVE-2023-30570 CVE-2023-30841 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.13.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.13. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.13.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2023:1325\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as\nrandom as they should be (CVE-2021-4238)\n\n* go-yaml: Denial of Service in go-yaml (CVE-2021-4235)\n\n* mongo-go-driver: specific cstrings input may not be properly validated\n(CVE-2021-20329)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* helm: Denial of service through through repository index file\n(CVE-2022-23525)\n\n* helm: Denial of service through schema file (CVE-2022-23526)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* vault: insufficient certificate revocation list checking (CVE-2022-41316)\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2\nrequests (CVE-2022-41717)\n\n* x/net/http2/h2c: request smuggling (CVE-2022-41721)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK\ndecoding (CVE-2022-41723)\n\n* golang: crypto/tls: large handshake records may cause panics\n(CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive\nresource consumption (CVE-2022-41725)\n\n* exporter-toolkit: authentication bypass via cache poisoning\n(CVE-2022-46146)\n\n* vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL\nInjection Via Configuration File (CVE-2023-0620)\n\n* hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize\nAccess to Issuer Metadata (CVE-2023-0665)\n\n* hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n(CVE-2023-25000)\n\n* helm: getHostByName Function Information Disclosure (CVE-2023-25165)\n\n* containerd: Supplementary groups are not set up properly (CVE-2023-25173)\n\n* runc: volume mount race condition (regression of CVE-2019-19921)\n(CVE-2023-27561)\n\n* runc: AppArmor can be bypassed when `/proc` inside the container is\nsymlinked with a specific mount configuration (CVE-2023-28642)\n\n* baremetal-operator: plain-text username and hashed password readable by\nanyone having a cluster-wide read-access (CVE-2023-30841)\n\n* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags\n\nThe sha values for the release are:\n\n(For x86_64 architecture)\nThe image digest is\nsha256:74b23ed4bbb593195a721373ed6693687a9b444c97065ce8ac653ba464375711\n\n(For s390x architecture)\nThe image digest is\nsha256:a32d509d960eb3e889a22c4673729f95170489789c85308794287e6e9248fb79\n\n(For ppc64le architecture)\nThe image digest is\nsha256:bca0e4a4ed28b799e860e302c4f6bb7e11598f7c136c56938db0bf9593fb76f8\n\n(For aarch64 architecture)\nThe image digest is\nsha256:e07e4075c07fca21a1aed9d7f9c165696b1d0fa4940a219a000894e5683d846c\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1770297 - console odo download link needs to go to an official location or have caveats [openshift-4.4]\n1853264 - Metrics produce high unbound cardinality\n1877261 - [RFE] Mounted volume size issue when restore a larger size pvc than snapshot\n1904573 - OpenShift: containers modify /etc/passwd group writable\n1943194 - when using gpus, more nodes than needed are created by the node autoscaler\n1948666 - After entering valid git repo url on Import from git page, throwing warning message instead Validated\n1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated\n2005232 - Pods list page should only show Create Pod button to user has sufficient permission\n2016006 - Repositories list does not show the running pipelinerun as last pipelinerun\n2027000 - The user is ignored when we create a new file using a MachineConfig\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047299 - nodeport not reachable port connection timeout\n2050230 - Implement LIST call chunking in openshift-sdn\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2065166 - GCP - Less privileged service accounts are created with Service Account User role\n2066388 - Wrong Error generates when https is missing in the value of `regionEndpoint` in `configs.imageregistry.operator.openshift.io/cluster`\n2066664 - [cluster-storage-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles\n2070744 - openshift-install destroy in us-gov-west-1 results in infinite loop - AWS govcloud\n2075548 - Support AllocateLoadBalancerNodePorts=False with ETP=local, LGW mode\n2076619 - Could not create deployment with an unknown git repo and builder image build strategy\n2078222 - egressIPs behave inconsistently towards in-cluster traffic (hosts and services backed by host-networked pods)\n2079981 - PVs not deleting on azure (or very slow to delete) since CSI migration to azuredisk\n2081858 - OVN-Kubernetes: SyncServices for nodePortWatcherIptables should propagate failures back to caller\n2083087 - \"Delete dependent objects of this resource\" might cause confusions\n2084452 - PodDisruptionBudgets help message should be semantic\n2087043 - Cluster API components should use K8s 1.24 dependencies\n2087553 - No rhcos-4.11/x86_64 images in the 2 new regions on alibabacloud, \"ap-northeast-2 (South Korea (Seoul))\" and \"ap-southeast-7 (Thailand (Bangkok))\"\n2089093 - CVO hotloops on OperatorGroup due to the diff of \"upgradeStrategy\": string(\"Default\")\n2089138 - CVO hotloops on ValidatingWebhookConfiguration /performance-addon-operator\n2090680 - upgrade for a disconnected cluster get hang on retrieving and verifying payload\n2092567 - Network policy is not being applied as expected\n2092811 - Datastore name is too long\n2093339 - [rebase v1.24] Only known images used by tests\n2095719 - serviceaccounts are not updated after upgrade from 4.10 to 4.11\n2100181 - WebScale: configure-ovs.sh fails because it picks the wrong default interface\n2100429 - [apiserver-auth] default SCC restricted allow volumes don\u0027t have \"ephemeral\" caused deployment with Generic Ephemeral Volumes stuck at Pending\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2104978 - MCD degrades are not overwrite-able by subsequent errors\n2110565 - PDB: Remove add/edit/remove actions in Pod resource action menu\n2110570 - Topology sidebar: Edit pod count shows not the latest replicas value when edit the count again\n2110982 - On GCP, need to check load balancer health check IPs required for restricted installation\n2113973 - operator scc is nor fixed when we define a custom scc with readOnlyRootFilesystem: true\n2114515 - Getting critical NodeFilesystemAlmostOutOfSpace alert for 4K tmpfs\n2115265 - Search page: LazyActionMenus are shown below Add/Remove from navigation button\n2116686 - [capi] Cluster kind should be valid\n2117374 - Improve Pod Admission failure for restricted-v2 denials that pass with restricted\n2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking\n2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning\n2154196 - CVE-2022-23526 helm: Denial of service through schema file\n2154202 - CVE-2022-23525 helm: Denial of service through through repository index file\n2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests\n2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling\n2168458 - CVE-2023-25165 helm: getHostByName Function Information Disclosure\n2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly\n2175721 - CVE-2023-27561 runc: volume mount race condition (regression of CVE-2019-19921)\n2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding\n2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption\n2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics\n2182883 - CVE-2023-28642 runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration\n2182884 - CVE-2023-25809 runc: Rootless runc makes `/sys/fs/cgroup` writable\n2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n2182981 - CVE-2023-0665 hashicorp/vault: Vault?s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata\n2184663 - CVE-2023-0620 vault: Vault?s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File\n2190116 - CVE-2023-30841 baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOCPBUGS-10036 - Enable aesgcm encryption provider by default in openshift/api\nOCPBUGS-10038 - Enable aesgcm encryption provider by default in openshift/cluster-config-operator\nOCPBUGS-10042 - Enable aesgcm encryption provider by default in openshift/cluster-kube-apiserver-operator\nOCPBUGS-10043 - Enable aesgcm encryption provider by default in openshift/cluster-openshift-apiserver-operator\nOCPBUGS-10044 - Enable aesgcm encryption provider by default in openshift/cluster-authentication-operator\nOCPBUGS-10047 - oc-mirror print log: unable to parse reference oci://mno/redhat-operator-index:v4.12\nOCPBUGS-10057 - With WPC card configured as GM or BC, phc2sys clock lock state is shown as FREERUN in ptp metrics while it should be LOCKED\nOCPBUGS-10213 - aws: mismatch between RHCOS and AWS SDK regions\nOCPBUGS-10220 - Newly provisioned machines unable to join cluster\nOCPBUGS-10221 - Risk cache warming takes too long on channel changes\nOCPBUGS-10237 - Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry\nOCPBUGS-10239 - [release-4.13] Fix of ServiceAccounts gathering\nOCPBUGS-10249 - PollConsoleUpdates won\u0027t fire toast if one or more manifests errors when plugins change\nOCPBUGS-10267 - NetworkManager TUI quits regardless of a detected unsupported configuration\nOCPBUGS-10271 - [4.13] Netflink overflow alert\nOCPBUGS-10278 - Graph-data is not mounted on graph-builder correctly while install using graph-data image built by oc-mirror\nOCPBUGS-10281 - Openshift Ansible OVS version out of sync with RHCOS\nOCPBUGS-10291 - Broken link for Ansible tagging\nOCPBUGS-10298 - TenantID is ignored in some cases\nOCPBUGS-10320 - Catalogs should not be included in the ImageContentSourcePolicy.yaml\nOCPBUGS-10321 - command cannot be worked after chroot /host for oc debug pod\nOCPBUGS-1033 - Multiple extra manifests in the same file are not applied correctly\nOCPBUGS-10334 - Nutanix cloud-controller-manager pod not have permission to get/list ConfigMap\nOCPBUGS-10353 - kube-apiserver not receiving or processing shutdown signal after coreos 9.2 bump\nOCPBUGS-10367 - Pausing pools in OCP 4.13 will cause critical alerts to fire\nOCPBUGS-10377 - [gcp] IPI installation with Shielded VMs enabled failed on restarting the master machines\nOCPBUGS-10404 - Workload annotation missing from deployments\nOCPBUGS-10421 - RHCOS 4.13 live iso x84_64 contains restrictive policy.json\nOCPBUGS-10426 - node-topology is not exported due to kubelet.sock: connect: permission denied \nOCPBUGS-10427 - 4.1 born cluster fails to scale-up due to podman run missing `--authfile` flag\nOCPBUGS-10432 - CSI Inline Volume admission plugin does not log object name correctly\nOCPBUGS-10440 - OVN IPSec - does not create IPSec tunnels\nOCPBUGS-10474 - OpenShift pipeline TaskRun(s) column Duration is not present as column in UI\nOCPBUGS-10476 - Disable netlink mode of netclass collector in Node Exporter. \nOCPBUGS-1048 - if tag categories don\u0027t exist, the installation will fail to bootstrap\nOCPBUGS-10483 - [4.13 arm64 image][AWS EFS] Driver fails to get installed/exec format error\nOCPBUGS-10558 - MAPO failing to retrieve flavour information after rotating credentials\nOCPBUGS-10585 - [4.13] Request to update RHCOS installer bootimage metadata \nOCPBUGS-10586 - Console shows x509 error when requesting token from oauth endpoint\nOCPBUGS-10597 - The agent-tui shows again during the installation\nOCPBUGS-1061 - administrator console, monitoring-alertmanager-edit user list or create silence, \"Observe - Alerting - Silences\" page is pending\nOCPBUGS-10645 - 4.13: Operands running management side missing affinity, tolerations, node selector and priority rules than the operator\nOCPBUGS-10656 - create image command erroneously logs that Base ISO was obtained from release\nOCPBUGS-10657 - When releaseImage is a digest the create image command generates spurious warning\nOCPBUGS-10658 - Wrong PrimarySubnet in OpenstackProviderSpec when using Failure Domains\nOCPBUGS-10661 - machine API operator failing with No Major.Minor.Patch elements found\nOCPBUGS-10678 - Developer catalog shows ImageStreams as samples which has no sampleRepo\nOCPBUGS-10679 - Show type of sample on the samples view\nOCPBUGS-10689 - [IPI on BareMetal]: Workers failing inspection when installing with proxy\nOCPBUGS-10697 - [release-4.13] User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector\nOCPBUGS-10698 - [release-4.13] Already assigned IP address is removed from a service on editing the ip address pool. \nOCPBUGS-10710 - Metal virtual media job permafails during early bootstrap\nOCPBUGS-10716 - Image Registry default to Removed on IBM cloud after 4.13.0-ec.3\nOCPBUGS-10739 - [4.13] Bootimage bump tracker\nOCPBUGS-10744 - [4.13] EgressFirewall status disappeared \nOCPBUGS-10746 - Downstream Operator-SDK v1.22.2 to OCP 4.13\nOCPBUGS-10771 - upgrade test failure with \"Cluster operator control-plane-machine-set is not available\"\nOCPBUGS-10773 - TestNewAppRun unit test failing\nOCPBUGS-10792 - Hypershift namespace servicemonitor has wrong API group\nOCPBUGS-10793 - Ignore device list missing in Node Exporter \nOCPBUGS-10796 - [4.13] Egress firewall is not retried on error\nOCPBUGS-10799 - Network policy perf improvements\nOCPBUGS-10801 - [4.13] Upgrade to 4.10 stalled on timeout completing syncEgressFirewall\nOCPBUGS-10811 - Missing vCenter build number in telemetry\nOCPBUGS-10813 - SCOS bootstrap should skip pivot when root is not writable\nOCPBUGS-10826 - RHEL 9.2 doesn\u0027t contain the `kernel-abi-whitelists` package. \nOCPBUGS-10832 - Edit Deployment (and DC) form doesn\u0027t enable Save button when changing strategy type\nOCPBUGS-10833 - update the default pipelineRun template name\nOCPBUGS-10834 - [OVNK] [IC] Having only one leader election in the master process\nOCPBUGS-10873 - OVN to OVN-H migration seems broken\nOCPBUGS-10888 - oauth-server fails to invalidate cache, causing non existing groups being referenced\nOCPBUGS-10890 - Hypershift replace upgrade: node in NotReady after upgrading from a 4.14 image to another 4.14 image\nOCPBUGS-10891 - Cluster Autoscaler balancing similar nodes test fails randomly\nOCPBUGS-10892 - Passwords printed in log messages\nOCPBUGS-10893 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag\nOCPBUGS-10902 - [IBMCloud] destroyed the private cluster, fail to cleanup the dns records\nOCPBUGS-10903 - [IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc. \nOCPBUGS-10907 - move to rhel9 in DTK for 4.13\nOCPBUGS-10914 - Node healthz server: return unhealthy when pod is to be deleted\nOCPBUGS-10919 - Update Samples Operator to use latest jenkins 4.12 release\nOCPBUGS-10923 - Cluster bootstrap waits for only one master to join before finishing \nOCPBUGS-10929 - Kube 1.26 for ovn-k\nOCPBUGS-10946 - For IPv6-primary dual-stack cluster, kubelet.service renders only single node-ip\nOCPBUGS-10951 - When imagesetconfigure without OCI FBC format config, but command with use-oci-feature flag, the oc-mirror command should check the imagesetconfigure firstly and print error immediately\nOCPBUGS-10953 - ovnkube-node does not close up correctly\nOCPBUGS-10955 - [release-4.13] NMstate complains about ping not working when adding multiple routing tables with different gateways\nOCPBUGS-10960 - [4.13] Vertical Scaling: do not trigger inadvertent machine deletion during bootstrap\nOCPBUGS-10965 - The network-tools image stream is missing in the cluster samples\nOCPBUGS-10982 - [4.13] nodeSelector in EgressFirewall doesn\u0027t work in dualstack cluster\nOCPBUGS-10989 - Agent create sub-command is returning fatal error\nOCPBUGS-10990 - EgressIP doesn\u0027t work in GCP XPN cluster\nOCPBUGS-11004 - Bootstrap kubelet client cert should include system:serviceaccounts group\nOCPBUGS-11010 - [vsphere] zone cluster installation fails if vSphere Cluster is embedded in Folder\nOCPBUGS-11022 - [4.13][scale] all egressfirewalls will be updated on every node update\nOCPBUGS-11023 - [4.13][scale] Ingress network policy creates more flows than before\nOCPBUGS-11031 - SNO OCP upgrade from 4.12 to 4.13 failed due to node-tuning operator is not available - tuned pod stuck at Terminating\nOCPBUGS-11032 - Update the validation interval for the cluster transfer to 12 hours\nOCPBUGS-11040 - --container-runtime is being removed in k8s 1.27\nOCPBUGS-11054 - GCP: add europe-west12 region to the survey as supported region\nOCPBUGS-11055 - APIServer service isn\u0027t selected correctly for PublicAndPrivate cluster when external-dns is not configured\nOCPBUGS-11058 - [4.13] Conmon leaks symbolic links in /var/run/crio when pods are deleted\nOCPBUGS-11068 - nodeip-configuration not enabled for VSphere UPI\nOCPBUGS-11107 - Alerts display incorrect source when adding external alert sources\nOCPBUGS-11117 - The provided gcc RPM inside DTK does not match the gcc used to build the kernel\nOCPBUGS-11120 - DTK docs should mention the ubi9 base image instead of ubi8\nOCPBUGS-11213 - BMH moves to deleting before all finalizers are processed\nOCPBUGS-11218 - \"pipelines-as-code-pipelinerun-go\" configMap is not been used for the Go repository \nOCPBUGS-11222 - kube-controller-manager cluster operator is degraded due connection refused while querying rules\nOCPBUGS-11227 - Relax CSR check due to k8s 1.27 changes\nOCPBUGS-11232 - All projects options shows as undefined after selection in Dev perspective Pipelines page \nOCPBUGS-11248 - Secret name variable get renders in Create Image pull secret alert\nOCPBUGS-1125 - Fix disaster recovery test [sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial]\nOCPBUGS-11257 - egressip cannot be assigned on hypershift hosted cluster node\nOCPBUGS-11261 - [AWS][4.13] installer get stuck if BYO private hosted zone is configured\nOCPBUGS-11263 - PTP KPI version 4.13 RC2 WPC - offset jumps to huge numbers \nOCPBUGS-11307 - Egress firewall node selector test missing\nOCPBUGS-11333 - startupProbe for UWM prometheus is still 15m\nOCPBUGS-11339 - ose-ansible-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13\nOCPBUGS-11340 - ose-helm-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13\nOCPBUGS-11341 - openshift-manila-csi-driver is missing the workload.openshift.io/allowed label\nOCPBUGS-11354 - CPMS: node readiness transitions not always trigger reconcile \nOCPBUGS-11384 - Switching from enabling realTime to disabling Realtime Workloadhint causes stalld to be enabled\nOCPBUGS-11390 - Service Binding Operator installation fails: \"A subscription for this operator already exists in namespace ...\"\nOCPBUGS-11424 - [release-4.13] new whereabouts reconciler relies on HOSTNAME which != spec.nodeName\nOCPBUGS-11427 - [release-4.13] whereabouts reads wrong annotation \"k8s.v1.cni.cncf.io/networks-status\", should be \"k8s.v1.cni.cncf.io/network-status\"\nOCPBUGS-11456 - PTP - When GM and downstream slaves are configured on same server, ptp metrics show slaves as FREERUN\nOCPBUGS-11458 - Ingress Takes 40s on Average Downtime During GCP OVN Upgrades\nOCPBUGS-11460 - CPMS doesn\u0027t always generate configurations for AWS\nOCPBUGS-11468 - Community operator cannot be mirrored due to malformed image address\nOCPBUGS-11469 - [release4.13] \"exclude bundles with `olm.deprecated` property when rendering\" not backport\nOCPBUGS-11473 - NS autolabeler requires RoleBinding subject namespace to be set when using ServiceAccount\nOCPBUGS-11485 - [4.13] NVMe disk by-id rename breaks LSO/ODF\nOCPBUGS-11503 - Update 4.13 cluster-network-operator image in Dockerfile to be consistent with ART\nOCPBUGS-11506 - CPMS e2e periodics tests timeout failures\nOCPBUGS-11507 - Potential 4.12 to 4.13 upgrade failure due to NIC rename\nOCPBUGS-11510 - Setting cpu-quota.crio.io to `disable` with crun causes container creation to fail\nOCPBUGS-11511 - [4.13] static container pod cannot be running due to CNI request failed with status 400\nOCPBUGS-11529 - [Azure] fail to collect the vm serial log with ?gather bootstrap?\nOCPBUGS-11536 - Cluster monitoring operator runs node-exporter with btrfs collector\nOCPBUGS-11545 - multus-admission-controller should not run as root under Hypershift-managed CNO\nOCPBUGS-11558 - multus-admission-controller should not run as root under Hypershift-managed CNO\nOCPBUGS-11589 - Ensure systemd is compatible with rhel8 journalctl\nOCPBUGS-11598 - openshift-azure-routes triggered continously on rhel9\nOCPBUGS-11606 - User configured In-cluster proxy configuration squashed in hypershift\nOCPBUGS-11643 - Updating kube-rbac-proxy images to be consistent with ART\nOCPBUGS-11657 - [4.13] Static IPv6 LACP bonding is randomly failing in RHCOS 413.92\nOCPBUGS-11659 - Error extracting libnmstate.so.1.3.3 when create image\nOCPBUGS-11661 - AWS s3 policy changes block all OCP installs on AWS\nOCPBUGS-11669 - Bump to kubernetes 1.26.3\nOCPBUGS-11683 - [4.13] Add Controller health to CEO liveness probe\nOCPBUGS-11694 - [4.13] Update legacy toolbox to use registry.redhat.io/rhel9/support-tools\nOCPBUGS-11706 - ccoctl cannot create STS documents in 4.10-4.13 due to s3 policy changes\nOCPBUGS-11750 - TuningCNI cnf-test failure: sysctl allowlist update\nOCPBUGS-11765 - [4.13] Keep current OpenSSH default config in RHCOS 9\nOCPBUGS-11776 - [4.13] VSphereStorageDriver does not document the platform default\nOCPBUGS-11778 - Upgrade SNO: no resolv.conf caused by failure in forcedns dispatcher script\nOCPBUGS-11787 - Update 4.14 ose-vmware-vsphere-csi-driver image to be consistent with ART\nOCPBUGS-11789 - [4.13] Bootimage bump tracker\nOCPBUGS-11799 - [4.13] Bootimage bump tracker\nOCPBUGS-11823 - [Reliability]kube-apiserver\u0027s memory usage keep increasing to max 3GB in 7 days\nOCPBUGS-11848 - PtpOperatorsConfig not applying correctly\nOCPBUGS-11866 - Pipeline is not removed when Deployment/DC/Knative Service or Application is deleted\nOCPBUGS-11870 - [4.13] Nodes in Ironic are created without namespaces initially\nOCPBUGS-11876 - oc-mirror generated file-based catalogs crashloop\nOCPBUGS-11908 - Got the `file exists` error when different digest direct to the same tag\nOCPBUGS-11917 - the warn message won\u0027t disappear in co/node-tuning when scale down machineset\nOCPBUGS-11919 - Console metrics could have a high cardinality (4.13)\nOCPBUGS-11950 - fail to create vSphere IPI cluster as apiVIP and ingressVIP are not in machine networks\nOCPBUGS-11955 - NTP config not applied\nOCPBUGS-11968 - Instance shouldn\u0027t be moved back from f to a\nOCPBUGS-11985 - [4.13] Ironic inspector service should be proxied\nOCPBUGS-12172 - Users don\u0027t know what type of resource is being created by Import from Git or Deploy Image flows\nOCPBUGS-12179 - agent-tui is failing to start when using libnmstate.2\nOCPBUGS-12186 - Pipeline doesn\u0027t render correctly when displayed but looks fine in edit mode\nOCPBUGS-12198 - create hosted cluster failed with aws s3 access issue\nOCPBUGS-12212 - cluster failed to convert from dualstack to ipv4 single stack\nOCPBUGS-12225 - Add new OCP 4.13 storage admission plugin\nOCPBUGS-12257 - Catalogs rebuilt by oc-mirror are in crashloop : cache is invalid\nOCPBUGS-12259 - oc-mirror fails to complete with heads only complaining about devworkspace-operator\nOCPBUGS-12271 - Hypershift conformance test fails new cpu partitioning tests\nOCPBUGS-12272 - Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected\nOCPBUGS-12273 - When Creating Sample Devfile from the Samples Page, Topology Icon is not set\nOCPBUGS-12450 - [4.13] Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time\nOCPBUGS-12465 - --use-oci-feature leads to confusion and needs to be better named\nOCPBUGS-12478 - CSI driver + operator containers are not pinned to mgmt cores\nOCPBUGS-1264 - e2e-vsphere-zones failing due to unable to parse cloud-config\nOCPBUGS-12698 - redfish-virtualmedia mount not working \nOCPBUGS-12703 - redfish-virtualmedia mount not working \nOCPBUGS-12708 - [4.13] Changing a PreprovisioningImage ImageURL and/or ExtraKernelParams should reboot the host\nOCPBUGS-1272 - \"opm alpha render-veneer basic\" doesn\u0027t support pipe stdin\nOCPBUGS-12737 - Multus admission controller must have \"hypershift.openshift.io/release-image\" annotation when CNO is managed by Hypershift\nOCPBUGS-12786 - OLM CatalogSources in guest cluster cannot pull images if pre-GA\nOCPBUGS-12804 - Dual stack VIPs incompatible with EnableUnicast setting\nOCPBUGS-12854 - `cluster-reader` role cannot access \"k8s.ovn.org\" API Group resources\nOCPBUGS-12862 - IPv6 ingress VIP not configured in keepalived on vSphere Dual-stack\nOCPBUGS-12865 - Kubernetes-NMState CI is perma-failing\nOCPBUGS-12933 - Node Tuning Operator crashloops when in Hypershift mode\nOCPBUGS-12994 - TCP DNS Local Preference is not working for Openshift SDN\nOCPBUGS-12999 - Backport owners through 4.13, 4.12\nOCPBUGS-13029 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-13057 - ppc64le releases don\u0027t install because ovs fails to start (invalid permissions)\nOCPBUGS-13069 - [whereabouts-cni] CNO must use reconciliation controller in order to support dual stack in 4.12 [4.13 dependency]\nOCPBUGS-13071 - CI fails on TestClientTLS\nOCPBUGS-13072 - Capture tests don\u0027t work in OVNK\nOCPBUGS-13076 - Load balancers/ Ingress controller removal race condition\nOCPBUGS-13157 - CI fails on TestRouterCompressionOperation\nOCPBUGS-13254 - Nutanix cloud provider should use Kubernetes 1.26 dependencies\nOCPBUGS-1327 - [IBMCloud] Worker machines unreachable during initial bring up\nOCPBUGS-1352 - OVN silently failing in case of a stuck pod\nOCPBUGS-1427 - Ignore non-ready endpoints when processing endpointslices\nOCPBUGS-1428 - service account token secret reference\nOCPBUGS-1435 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns\nOCPBUGS-1443 - Unable to get ClusterVersion error while upgrading 4.11 to 4.12\nOCPBUGS-1453 - TargetDown alert expression is NOT correctly joining kube-state-metrics metric\nOCPBUGS-1458 - cvo pod crashloop during bootstrap: featuregates: connection refused\nOCPBUGS-1486 - Avoid re-metric\u0027ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election\nOCPBUGS-1557 - Default to floating automaticRestart for new GCP instances\nOCPBUGS-1560 - [vsphere] installation fails when only configure single zone in install-config\nOCPBUGS-1565 - Possible split brain with keepalived unicast\nOCPBUGS-1566 - Automation Offline CPUs Test cases\nOCPBUGS-1577 - Incorrect network configuration in worker node with two interfaces\nOCPBUGS-1604 - Common resources out-of-date when using multicluster switcher\nOCPBUGS-1606 - Multi-cluster: We should not filter OLM catalog by console pod architecture and OS on managed clusters \nOCPBUGS-1612 - [vsphere] installation errors out when missing topology in a failure domain\nOCPBUGS-1617 - Remove unused node.kubernetes.io/not-reachable toleration\nOCPBUGS-1627 - [vsphere] installation fails when setting user-defined folder in failure domain\nOCPBUGS-1646 - [osp][octavia lb] LBs type svcs not updated until all the LBs are created\nOCPBUGS-166 - 4.11 SNOs fail to complete install because of \"failed to get pod annotation: timed out waiting for annotations: context deadline exceeded\"\nOCPBUGS-1665 - Scorecard failed because of the request of PodSecurity\nOCPBUGS-1671 - Creating a statefulset with the example image from the UI on ARM64 leads to a Pod in crashloopbackoff due to the only-amd64 image provided\nOCPBUGS-1704 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed\nOCPBUGS-1725 - Affinity rule created in router deployment for single-replica infrastructure and \"NodePortService\" endpoint publishing strategy\nOCPBUGS-1741 - Can\u0027t load additional Alertmanager templates with latest 4.12 OpenShift\nOCPBUGS-1748 - PipelineRun templates must be fetched from OpenShift namespace\nOCPBUGS-1761 - osImages that cannot be pulled do not set the node as Degraded properly\nOCPBUGS-1769 - gracefully fail when iam:GetRole is denied\nOCPBUGS-1778 - Can\u0027t install clusters with schedulable masters\nOCPBUGS-1791 - Wait-for install-complete did not exit upon completion. \nOCPBUGS-1805 - [vsphere-csi-driver-operator] CSI cloud.conf doesn\u0027t list multiple datacenters when specified \nOCPBUGS-1807 - Ingress Operator startup bad log message formatting\nOCPBUGS-1844 - Ironic dnsmasq doesn\u0027t include existing DNS settings during iPXE boot\nOCPBUGS-1852 - [RHOCP 4.10] Subscription tab for operator doesn\u0027t land on correct URL\nOCPBUGS-186 - PipelineRun task status overlaps status text\nOCPBUGS-1998 - Cluster monitoring fails to achieve new level during upgrade w/ unavailable node\nOCPBUGS-2015 - TestCertRotationTimeUpgradeable failing consistently in kube-apiserver-operator\nOCPBUGS-2083 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it\nOCPBUGS-2088 - User can set rendezvous host to be a worker\nOCPBUGS-2141 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8\nOCPBUGS-2145 - \u0027maxUnavailable\u0027 and \u0027minAvailable\u0027 on PDB creation page - i18n misses\nOCPBUGS-2209 - Hard eviction thresholds is different with k8s default when PAO is enabled\nOCPBUGS-2248 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error \"alicloud: unable to split instanceid and region from providerID\"\nOCPBUGS-2260 - KubePodNotReady - Increase Tolerance During Master Node Restarts\nOCPBUGS-2306 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - \u0027, it can\u0027t be changed by typing in it. \nOCPBUGS-2319 - metal-ipi upgrade success rate dropped 30+% in last week\nOCPBUGS-2384 - [2035720] [IPI on Alibabacloud] deploying a private cluster by \u0027publish: Internal\u0027 failed due to \u0027dns_public_record\u0027\nOCPBUGS-2440 - unknown field logs in prometheus-operator\nOCPBUGS-2471 - BareMetalHost is available without cleaning if the cleaning attempt fails\nOCPBUGS-2479 - Right border radius is 0 for the pipeline visualization wrapper in dark mode\nOCPBUGS-2500 - Developer Topology always blanks with large contents when first rendering\nOCPBUGS-2513 - Disconnected cluster installation fails with pull secret must contain auth for \"registry.ci.openshift.org\" \nOCPBUGS-2525 - [CI Watcher] Ongoing timeout failures associated with multiple CRD-extensions tests\nOCPBUGS-2532 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed\nOCPBUGS-2551 - \"Error loading\" when normal user check operands on All namespaces\nOCPBUGS-2569 - ovn-k network policy races\nOCPBUGS-2579 - Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization\nOCPBUGS-266 - Project Access tab cannot differentiate between users and groups\nOCPBUGS-2666 - `create a project` link not backed by RBAC check\nOCPBUGS-272 - Getting duplicate word \"find\" when kube-apiserver degraded=true if webhook matches a virtual resource\nOCPBUGS-2727 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates\nOCPBUGS-2729 - should ignore enP.* NICs from node-exporter on Azure cluster\nOCPBUGS-2735 - Operand List Page Layout Incorrect on small screen size. \nOCPBUGS-2738 - CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ose-baremetal-installer-container: various flaws [openshift-4.13.z]\nOCPBUGS-2824 - The dropdown list component will be covered by deployment details page on Topology page\nOCPBUGS-2827 - OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods\nOCPBUGS-2841 - Need validation rule for supported arch\nOCPBUGS-2845 - Unable to use application credentials for Cinder CSI after OpenStack credentials update\nOCPBUGS-2847 - GCP XPN should only be available with Tech Preview\nOCPBUGS-2851 - [OCI feature] registries.conf support in oc mirror\nOCPBUGS-2852 - etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded \nOCPBUGS-2868 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster\nOCPBUGS-2873 - Prometheus doesn\u0027t reload TLS certificate and key files on disk\nOCPBUGS-2886 - The LoadBalaner section shouldn\u0027t be set when using Kuryr on cloud-provider\nOCPBUGS-2891 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener \nOCPBUGS-2895 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters\nOCPBUGS-2904 - If all the actions are disabled in add page, Details on/off toggle switch to be disabled\nOCPBUGS-2907 - provisioning of baremetal nodes fails when using multipath device as rootDeviceHints\nOCPBUGS-2921 - br-ex interface not configured makes ovnkube-node Pod to crashloop \nOCPBUGS-2922 - \u0027Status\u0027 column sorting doesn\u0027t work as expected\nOCPBUGS-2926 - Unable to gather OpenStack console logs since kernel cmd line has no console args\nOCPBUGS-2934 - Ingress node firewall pod \u0027s events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node\nOCPBUGS-2941 - CIRO unable to detect swift when content-type is omitted in 204-responses\nOCPBUGS-2946 - [AWS] curl network Loadbalancer always get \"Connection time out\"\nOCPBUGS-2948 - Whereabouts CNI timesout while iterating exclude range\nOCPBUGS-2988 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10\"\nOCPBUGS-2991 - CI jobs are failing with: admission webhook \"validation.csi.vsphere.vmware.com\" denied the request\nOCPBUGS-2992 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations\nOCPBUGS-2994 - Keepalived monitor stuck for long period of time on kube-api call while installing\nOCPBUGS-2996 - [4.13] Bootimage bump tracker\nOCPBUGS-3018 - panic in WaitForBootstrapComplete\nOCPBUGS-3021 - GCP: missing me-west1 region\nOCPBUGS-3024 - Service list shows undefined:80 when type is ExternalName or LoadBalancer\nOCPBUGS-3027 - Metrics are not available when running console in development mode\nOCPBUGS-3029 - BareMetalHost CR fails to delete on cluster cleanup\nOCPBUGS-3033 - Clicking the logo in the masthead goes to `/dashboards`, even if metrics are disabled\nOCPBUGS-3041 - Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters\nOCPBUGS-3069 - Should show information on page if the upgrade to a target version doesn\u0027t take effect. \nOCPBUGS-3072 - Operator-sdk run bundle with old sqllite index image failed \nOCPBUGS-3079 - RPS hook only sets the first queue, but there are now many\nOCPBUGS-3085 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage \nOCPBUGS-3093 - The control plane should tag AWS security groups at creation\nOCPBUGS-3096 - The terraform binaries shipped by the installer are not statically linked\nOCPBUGS-3109 - Change text colour for ConsoleNotification that notifies user that the cluster is being \nOCPBUGS-3114 - CNO reporting incorrect status\nOCPBUGS-3123 - Operator attempts to render both GA and Tech Preview API Extensions\nOCPBUGS-3127 - nodeip-configuration retries forever on network failure, blocking ovs-configuration, spamming syslog\nOCPBUGS-3168 - Add Capacity button does not exist after upgrade OCP version [OCP4.11-\u003eOCP4.12]\nOCPBUGS-3172 - Console shouldn\u0027t try to install dynamic plugins if permissions aren\u0027t available\nOCPBUGS-3180 - Regression in ptp-operator conformance tests\nOCPBUGS-3186 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install\nOCPBUGS-3192 - [4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails \nOCPBUGS-3195 - Service-ca controller exits immediately with an error on sigterm\nOCPBUGS-3206 - [sdn2ovn] Migration failed in vsphere cluster\nOCPBUGS-3207 - SCOS build fails due to pinned kernel\nOCPBUGS-3214 - Installer does not always add router CA to kubeconfig\nOCPBUGS-3228 - Broken secret created while starting a Pipeline\nOCPBUGS-3235 - Topology gets stuck loading\nOCPBUGS-3245 - ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update\nOCPBUGS-3248 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]\nOCPBUGS-3253 - No warning when using wait-for vs. agent wait-for commands\nOCPBUGS-3272 - Unhealthy Readiness probe failed message failing CI when ovnkube DBs are still coming up\nOCPBUGS-3275 - No-op: Unable to retrieve machine from node \"xxx\": expecting one machine for node xxx got: []\nOCPBUGS-3277 - Install failure in create-cluster-and-infraenv.service\nOCPBUGS-3278 - Shouldn\u0027t need to put host data in platform baremetal section in installconfig\nOCPBUGS-3280 - Install ends in preparing-failed due to container-images-available validation\nOCPBUGS-3283 - remove unnecessary RBAC in KCM\nOCPBUGS-3292 - DaemonSet \"/openshift-network-diagnostics/network-check-target\" is not available\nOCPBUGS-3314 - \u0027gitlab.secretReference\u0027 disappears when the buildconfig is edited on ?From View?\nOCPBUGS-3316 - Branch name should sanitised to match actual github branch name in repository plr list\nOCPBUGS-3320 - New master will be created if add duplicated failuredomains in controlplanemachineset\nOCPBUGS-3331 - Update dependencies in CMO release 4.13\nOCPBUGS-3334 - Console should be using v1 apiVersion for ConsolePlugin model\nOCPBUGS-3337 - revert \"force cert rotation every couple days for development\" in 4.12\nOCPBUGS-3338 - Environment cannot find Python\nOCPBUGS-3358 - Revert BUILD-407\nOCPBUGS-3372 - error message is too generic when creating a silence with end time before start\nOCPBUGS-3373 - cluster-monitoring-view user can not list servicemonitors on \"Observe -\u003e Targets\" page\nOCPBUGS-3377 - CephCluster and StorageCluster resources use the same paths\nOCPBUGS-3381 - Make ovnkube-trace work on hypershift deployments\nOCPBUGS-3382 - Unable to configure cluster-wide proxy\nOCPBUGS-3391 - seccomp profile unshare.json missing from nodes\nOCPBUGS-3395 - Event Source is visible without even creating knative-eventing and knative-serving. \nOCPBUGS-3404 - IngressController.spec.nodePlacement.nodeSelector.matchExpressions does not work\nOCPBUGS-3414 - Missing \u0027ImageContentSourcePolicy\u0027 and \u0027CatalogSource\u0027 in the oci fbc feature implementation\nOCPBUGS-3424 - Azure Disk CSI Driver Operator gets degraded without \"CSISnapshot\" capability\nOCPBUGS-3426 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-3427 - Skip broken [sig-devex][Feature:ImageEcosystem] tests\nOCPBUGS-3438 - cloud-network-config-controller not using proxy settings of the management cluster\nOCPBUGS-3440 - Authentication operator doesn\u0027t respond to console being enabled\nOCPBUGS-3441 - Update cluster-authentication-operator not to go degraded without console\nOCPBUGS-3444 - [4.13] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters\nOCPBUGS-3456 - track `rhcos-4.12` branch for fedora-coreos-config submodule\nOCPBUGS-3458 - Surface ClusterVersion RetrievedUpdates condition messages\nOCPBUGS-3465 - IBM operator needs deployment manifest fixes\nOCPBUGS-3473 - Allow listing crio and kernel versions in machine-os components\nOCPBUGS-3476 - Show Tag label and tag name if tag is detected in repository PipelineRun list and details page\nOCPBUGS-3480 - Baremetal Provisioning fails on HP Gen9 systems due to eTag handling\nOCPBUGS-3499 - Route CRD validation behavior must be the same as openshift-apiserver behavior\nOCPBUGS-3501 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior\nOCPBUGS-3502 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation\nOCPBUGS-3508 - masters repeatedly losing connection to API and going NotReady\nOCPBUGS-3524 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure\nOCPBUGS-3526 - oc fails to extract layers that set xattr on Darwin\nOCPBUGS-3539 - [OVN-provider]loadBalancer svc with monitors not working\nOCPBUGS-3612 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1\nOCPBUGS-3621 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags\nOCPBUGS-3648 - Container security operator Image Manifest Vulnerabilities encounters runtime errors under some circumstances\nOCPBUGS-3659 - Expose AzureDisk metrics port over HTTPS\nOCPBUGS-3662 - don\u0027t enforce PSa in 4.12\nOCPBUGS-3667 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down\nOCPBUGS-3668 - 4.12.0-rc.0 fails to deploy on VMware IPI\nOCPBUGS-3676 - After node\u0027s reboot some pods fail to start - deleteLogicalPort failed for pod cannot delete GR SNAT for pod\nOCPBUGS-3693 - Router e2e: drop template.openshift.io apigroup dependency\nOCPBUGS-3709 - Special characters in subject name breaks prefilling role binding form\nOCPBUGS-3713 - [vsphere-problem-detector] fully qualified username must be used when checking permissions\nOCPBUGS-3714 - \u0027oc adm upgrade ...\u0027 should expose ClusterVersion Failing=True\nOCPBUGS-3739 - Pod stuck in containerCreating state when the node on which it is running is Terminated\nOCPBUGS-3744 - Egress router POD creation is failing while using openshift-sdn network plugin\nOCPBUGS-3755 - Create Alertmanager silence form does not explain the new \"Negative matcher\" option\nOCPBUGS-3761 - Consistent e2e test failure:Events.Events: event view displays created pod\nOCPBUGS-3765 - [RFE] Add kernel-rpm-macros to DTK image\nOCPBUGS-3771 - contrib/multicluster-environment.sh needs to be updated to work with ACM cluster proxy\nOCPBUGS-3776 - Manage columns tooltip remains displayed after dialog is closed\nOCPBUGS-3777 - [Dual Stack] ovn-ipsec crashlooping due to cert signing issues\nOCPBUGS-3797 - [4.13] Bump OVS control plane to get \"ovsdb/transaction.c: Refactor assess_weak_refs.\"\nOCPBUGS-3822 - Cluster-admin cannot know whether operator is fully deleted or not after normal user trigger \"Delete CSV\"\nOCPBUGS-3827 - CCM not able to remove a LB in ERROR state\nOCPBUGS-3877 - RouteTargetReference missing default for \"weight\" in Route CRD v1 schema\nOCPBUGS-3880 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator\nOCPBUGS-3883 - Hosted ovnkubernetes pods are not being spread among workers evenly\nOCPBUGS-3896 - Console nav toggle button reports expanded in both expanded and not expanded states\nOCPBUGS-3904 - Delete/Add a failureDomain in CPMS to trigger update cannot work right on GCP\nOCPBUGS-3909 - Node is degraded when a machine config deploys a unit with content and mask=true\nOCPBUGS-3916 - expr for SDNPodNotReady is wrong due to there is not node label for kube_pod_status_ready\nOCPBUGS-3919 - Azure: unable to configure EgressIP if an ASG is set\nOCPBUGS-3921 - Openshift-install bootstrap operation cannot find a cloud defined in clouds.yaml in the current directory\nOCPBUGS-3923 - [CI] cluster-monitoring-operator produces more watch requests than expected\nOCPBUGS-3924 - Remove autoscaling/v2beta2 in 4.12 and later\nOCPBUGS-3929 - Use flowcontrol/v1beta2 for apf manifests in 4.13\nOCPBUGS-3931 - When all extensions are installed, \"libkadm5\" rpm package is duplicated in the `rpm -q` command\nOCPBUGS-3933 - Fails to deprovision cluster when swift omits \u0027content-type\u0027\nOCPBUGS-3945 - Handle 0600 kubeconfig\nOCPBUGS-3951 - Dynamic plugin extensions disappear from the UI when a codeRef fails to load\nOCPBUGS-3960 - Use kernel-rt from ose repo\nOCPBUGS-3965 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce\nOCPBUGS-3973 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue. \nOCPBUGS-3974 - CIRO panics when suspended flag is nil\nOCPBUGS-3975 - \"Failed to open directory, disabling udev device properties\" in node-exporter logs\nOCPBUGS-3978 - AWS EBS CSI driver operator is degraded without \"CSISnapshot\" capability\nOCPBUGS-3985 - Allow PSa enforcement in 4.13 by using featuresets\nOCPBUGS-3987 - Some nmstate validations are skipped when NM config is in agent-config.yaml\nOCPBUGS-3990 - HyperShift control plane operators have wrong priorityClass\nOCPBUGS-3993 - egressIP annotation including two interfaces when multiple networks\nOCPBUGS-4000 - fix operator naming convention \nOCPBUGS-4008 - Console deployment does not roll out when managed cluster configmap is updated\nOCPBUGS-4012 - Disabled Serverless add actions should not be displayed in topology menu\nOCPBUGS-4026 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed\nOCPBUGS-4047 - [CI-Watcher] e2e test flake: Create key/value secrets Validate a key/value secret\nOCPBUGS-4049 - MCO reconcile fails if user replace the pull secret to empty one\nOCPBUGS-4052 - [ALBO] OpenShift Load Balancer Operator does not properly support cluster wide proxy\nOCPBUGS-4054 - cluster-ingress-operator\u0027s configurable-route controller\u0027s startup is noisy\nOCPBUGS-4089 - Kube-State-metrics pod fails to start due to panic\nOCPBUGS-4090 - OCP on OSP - Image registry is deployed with cinder instead of swift storage backend \nOCPBUGS-4101 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting\nOCPBUGS-4110 - Form footer buttons are misaligned in web terminal form\nOCPBUGS-4119 - Random SYN drops in OVS bridges of OVN-Kubernetes\nOCPBUGS-4166 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-4168 - Prometheus continuously restarts due to slow WAL replay\nOCPBUGS-4173 - vsphere-problem-detector should re-check passwords after change\nOCPBUGS-4181 - Prometheus and Alertmanager incorrect ExternalURL configured\nOCPBUGS-4184 - Use mTLS authentication for all monitoring components instead of bearer token\nOCPBUGS-4203 - Unnecessary padding around alert atop debug pod terminal\nOCPBUGS-4206 - getContainerStateValue contains incorrectly internationalized text\nOCPBUGS-4207 - Remove debug level logging on openshift-config-operator\nOCPBUGS-4219 - Add runbook link to PrometheusRuleFailures\nOCPBUGS-4225 - [4.13] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450\nOCPBUGS-4232 - CNCC: Wrong log format for Azure locking\nOCPBUGS-4245 - L2 does not work if a metallb is not able to listen to arp requests on a single interface\nOCPBUGS-4252 - Node Terminal tab results in error\nOCPBUGS-4253 - Add PodNetworkConnectivityCheck for must-gather\nOCPBUGS-4266 - crio.service should use a more safe restart policy to provide recoverability against concurrency issues\nOCPBUGS-4279 - Custom Victory-Core components in monitoring ui code causing build issues \nOCPBUGS-4280 - Return 0 when `oc import-image` failed\nOCPBUGS-4282 - [IR-269]Can\u0027t pull sub-manifest image using imagestream of manifest list\nOCPBUGS-4291 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore. \nOCPBUGS-4293 - Specify resources.requests for operator pod\nOCPBUGS-4298 - Specify resources.requests for operator pod\nOCPBUGS-4302 - Specify resources.requests for operator pod\nOCPBUGS-4305 - [4.13] Improve ironic logging configuration in metal3\nOCPBUGS-4317 - [IBM][4.13][Snapshot] restore size in snapshot is not the same size of pvc request size \nOCPBUGS-4328 - Update installer images to be consistent with ART\nOCPBUGS-434 - After FIPS enabled in S390X, ingress controller in degraded state\nOCPBUGS-4343 - Use flowcontrol/v1beta3 for apf manifests in 4.13\nOCPBUGS-4347 - set TLS cipher suites in Kube RBAC sidecars\nOCPBUGS-4350 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely\nOCPBUGS-4352 - [RHOCP] HPA shows different API versions in web console\nOCPBUGS-4357 - Bump samples operator k8s dep to 1.25.2\nOCPBUGS-4359 - cluster-dns-operator corrupts /etc/hosts when fs full\nOCPBUGS-4367 - Debug log messages missing from output and Info messages malformed\nOCPBUGS-4377 - Service name search ability while creating the Route from console\nOCPBUGS-4401 - limit cluster-policy-controller RBAC permissions\nOCPBUGS-4411 - ovnkube node pod crashed after converting to a dual-stack cluster network\nOCPBUGS-4417 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not\nOCPBUGS-4425 - Egress FW ACL rules are invalid in dualstack mode\nOCPBUGS-4447 - [MetalLB Operator] The CSV needs an update to reflect the correct version of operator\nOCPBUGS-446 - Cannot Add a project from DevConsole in airgap mode using git importing\nOCPBUGS-4483 - apply retry logic to ovnk-node controllers\nOCPBUGS-4490 - hypershift: csi-snapshot-controller uses wrong kubeconfig\nOCPBUGS-4491 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig\nOCPBUGS-4492 - [4.13] The property TransferProtocolType is required for VirtualMedia.InsertMedia\nOCPBUGS-4502 - [4.13] [OVNK] Add support for service session affinity timeout\nOCPBUGS-4516 - `oc-mirror` does not work as expected relative path for OCI format copy \nOCPBUGS-4517 - Better to detail the --command-os of mac for `oc adm release extract` command\nOCPBUGS-4521 - all kubelet targets are down after a few hours\nOCPBUGS-4524 - Hold lock when deleting completed pod during update event\nOCPBUGS-4525 - Don\u0027t log in iterateRetryResources when there are no retry entries\nOCPBUGS-4535 - There is no 4.13 gcp-filestore-csi-driver-operator version for test\nOCPBUGS-4536 - Image registry panics while deploying OCP in eu-south-2 AWS region\nOCPBUGS-4537 - Image registry panics while deploying OCP in eu-central-2 AWS region\nOCPBUGS-4538 - Image registry panics while deploying OCP in ap-south-2 AWS region\nOCPBUGS-4541 - Azure: remove deprecated ADAL\nOCPBUGS-4546 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]\nOCPBUGS-4549 - Azure: replace deprecated AD Graph API\nOCPBUGS-4550 - [CI] console-operator produces more watch requests than expected\nOCPBUGS-4571 - The operator recommended namespace is incorrect after change installation mode to \"A specific namespace on the cluster\"\nOCPBUGS-4574 - Machine stuck in no phase when creating in a nonexistent zone and stuck in Deleting when deleting on GCP\nOCPBUGS-463 - OVN-Kubernetes should not send IPs with leading zeros to OVN\nOCPBUGS-4630 - Bump documentationBaseURL to 4.13\nOCPBUGS-4635 - [OCP 4.13] ironic container images have old packages\nOCPBUGS-4638 - Support RHOBS monitoring for HyperShift in CNO\nOCPBUGS-4652 - Fixes for RHCOS 9 based on RHEL 9.0\nOCPBUGS-4654 - Azure: UPI: Fix storage arm template to work with Galleries and MAO\nOCPBUGS-4659 - Network Policy executes duplicate transactions for every pod update\nOCPBUGS-4684 - In DeploymentConfig both the Form view and Yaml view are not in sync\nOCPBUGS-4689 - SNO not able to bring up Provisioning resource in 4.11.17\nOCPBUGS-4691 - Topology sidebar actions doesn\u0027t show the latest resource data\nOCPBUGS-4692 - PTP operator: Use priority class node critical\nOCPBUGS-4700 - read-only update UX: confusing \"Update blocked\" pop-up\nOCPBUGS-4701 - read-only update UX: confusing \"Control plane is hosted\" banner\nOCPBUGS-4703 - Router can migrate to use LivenessProbe.TerminationGracePeriodSeconds\nOCPBUGS-4712 - ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged\nOCPBUGS-4724 - [4.13] egressIP annotations not present on OpenShift on Openstack multiAZ installation\nOCPBUGS-4725 - mapi_machinehealthcheck_short_circuit not properly reconciling causing MachineHealthCheckUnterminatedShortCircuit alert to fire\nOCPBUGS-4746 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS\nOCPBUGS-4756 - OLM generates invalid component selector labels\nOCPBUGS-4757 - Revert Catalog PSA decisions for 4.13 (OLM)\nOCPBUGS-4758 - Revert Catalog PSA decisions for 4.13 (Marketplace)\nOCPBUGS-4769 - Old AWS boot images vs. 4.12: unknown provider \u0027ec2\u0027\nOCPBUGS-4780 - Update openshift/builder release-4.13 to go1.19\nOCPBUGS-4781 - Get Helm Release seems to be using List Releases api\nOCPBUGS-4793 - CMO may generate Kubernetes events with a wrong object reference\nOCPBUGS-4802 - Update formatting with gofmt for go1.19\nOCPBUGS-4825 - Pods completed + deleted may leak\nOCPBUGS-4827 - Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1\nOCPBUGS-4873 - openshift-marketplace namespace missing \"audit-version\" and \"warn-version\" PSA label\nOCPBUGS-4874 - Baremetal host data is still sometimes required\nOCPBUGS-4883 - Default Git type to other info alert should get remove after changing the git type\nOCPBUGS-4894 - Disabled Serverless add actions should not be displayed for Knative Service\nOCPBUGS-4899 - coreos-installer output not available in the logs\nOCPBUGS-4900 - Volume limits test broken on AWS and GCP TechPreview clusters\nOCPBUGS-4906 - Cross-namespace template processing is not being tested\nOCPBUGS-4909 - Can\u0027t reach own service when egress netpol are enabled\nOCPBUGS-4913 - Need to wait longer for VM to obtain IP from DHCP\nOCPBUGS-4941 - Fails to deprovision cluster when swift omits \u0027content-type\u0027 and there are empty containers\nOCPBUGS-4950 - OLM K8s Dependencies should be at 1.25\nOCPBUGS-4954 - [IBMCloud] COS Reclamation prevents ResourceGroup cleanup\nOCPBUGS-4955 - Bundle Unpacker Using \"Always\" ImagePullPolicy for digests\nOCPBUGS-4969 - ROSA Machinepool EgressIP Labels Not Discovered\nOCPBUGS-4975 - Missing translation in ceph storage plugin\nOCPBUGS-4986 - precondition: Do not claim warnings would have blocked\nOCPBUGS-4997 - Agent ISO does not respect proxy settings\nOCPBUGS-5001 - MachineConfigControllerPausedPoolKubeletCA should have a working runbook URI\nOCPBUGS-501 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver\nOCPBUGS-5010 - Should always delete the must-gather pod when run the must-gather\nOCPBUGS-5016 - Editing Pipeline in the ocp console to get information error\nOCPBUGS-5018 - Upgrade from 4.11 to 4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists. \nOCPBUGS-5036 - Cloud Controller Managers do not react to changes in configuration leading to assorted errors\nOCPBUGS-5045 - unit test data race with egress ip tests\nOCPBUGS-5068 - [4.13] virtual media provisioning fails when iLO Ironic driver is used\nOCPBUGS-5073 - Connection reset by peer issue with SSL OAuth Proxy when route objects are created more than 80. \nOCPBUGS-5079 - [CI Watcher] pull-ci-openshift-console-master-e2e-gcp-console jobs: Process did not finish before 4h0m0s timeout\nOCPBUGS-5085 - Should only show the selected catalog when after apply the ICSP and catalogsource\nOCPBUGS-5101 - [GCP] [capi] Deletion of cluster is happening , it shouldn\u0027t be allowed\nOCPBUGS-5116 - machine.openshift.io API is not supported in Machine API webhooks\nOCPBUGS-512 - Permission denied when write data to mounted gcp filestore volume instance\nOCPBUGS-5124 - kubernetes-nmstate does not pass CVP tests in 4.12\nOCPBUGS-5136 - provisioning on ilo4-virtualmedia BMC driver fails with error: \"Creating vfat image failed: Unexpected error while running command\"\nOCPBUGS-5140 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s\nOCPBUGS-5151 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install\nOCPBUGS-5164 - Add support for API version v1beta1 for knativeServing and knativeEventing\nOCPBUGS-5165 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX\nOCPBUGS-5182 - [azure] Fail to create master node with vm size in family ECIADSv5 and ECIASv5\nOCPBUGS-5184 - [azure] Fail to create master node with vm size in standardNVSv4Family\nOCPBUGS-5188 - Wrong message in MCCDrainError alert\nOCPBUGS-5234 - [azure] Azure Stack Hub (wwt) UPI installation failed to scale up worker nodes using machinesets \nOCPBUGS-5235 - mapi_instance_create_failed metric cannot work when set acceleratedNetworking: true on Azure\nOCPBUGS-5269 - remove unnecessary RBAC in KCM: file removal\nOCPBUGS-5275 - remove unnecessary RBAC in OCM\nOCPBUGS-5287 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail\nOCPBUGS-5292 - Multus: Interface name contains an invalid character / [ocp 4.13]\nOCPBUGS-5300 - WriteRequestBodies audit profile records routes/status events at RequestResponse level\nOCPBUGS-5306 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network\nOCPBUGS-5346 - Reported vSphere Connection status is misleading\nOCPBUGS-5347 - Clusteroperator Available condition is updated every 2 mins when operator is disabled\nOCPBUGS-5353 - Dashboard graph should not be stacked - Kubernetes / Compute Resources / Pod Dashboard\nOCPBUGS-5410 - [AWS-EBS-CSI-Driver] provision volume using customer kms key couldn\u0027t restore its snapshot successfully\nOCPBUGS-5423 - openshift-marketplace pods cause PodSecurityViolation alert to fire\nOCPBUGS-5428 - Many plugin SDK extension docs are missing descriptions\nOCPBUGS-5432 - Downstream Operator-SDK v1.25.1 to OCP 4.13\nOCPBUGS-5458 - wal: max entry size limit exceeded\nOCPBUGS-5465 - Context Deadline exceeded when PTP service is disabled from the switch\nOCPBUGS-5466 - Default CatalogSource aren\u0027t always reverted to default settings\nOCPBUGS-5492 - CI \"[Feature:bond] should create a pod with bond interface\" fail for MTU migration jobs\nOCPBUGS-5497 - MCDRebootError alarm disappears after 15 minutes\nOCPBUGS-5498 - Host inventory quick start for OCP\nOCPBUGS-5505 - Upgradeability check is throttled too much and with unnecessary non-determinism\nOCPBUGS-5508 - Report topology usage in vSphere environment via telemetry\nOCPBUGS-5517 - [Azure/ARO] Update Azure SDK to v63.1.0+incompatible \nOCPBUGS-5520 - MCDPivotError alert fires due temporary transient failures \nOCPBUGS-5523 - Catalog, fatal error: concurrent map read and map write\nOCPBUGS-5524 - Disable vsphere intree tests that exercise multiple tests\nOCPBUGS-5534 - [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn\u0027t appear after ODF upgrade resulting in dashboard crash\nOCPBUGS-5540 - Typo in WTO for Milliseconds\nOCPBUGS-5542 - Project dropdown order is not as smart as project list page order\nOCPBUGS-5546 - Machine API Provider Azure should not modify the Machine spec\nOCPBUGS-5547 - Webhook Secret (1 of 2) is not removed when Knative Service is deleted\nOCPBUGS-5559 - add default noProxy config for Azure\nOCPBUGS-5733 - [Openshift Pipelines] Description of parameters are not shown in pipelinerun description page\nOCPBUGS-5734 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public\nOCPBUGS-5736 - The main section of the page will keep loading after normal user login\nOCPBUGS-5759 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled\nOCPBUGS-5802 - update sprig to v3 in cno\nOCPBUGS-5836 - Incorrect redirection when user try to download windows oc binary\nOCPBUGS-5842 - executes /host/usr/bin/oc\nOCPBUGS-5851 - [CI-Watcher]: Using OLM descriptor components deletes operand \nOCPBUGS-5873 - etcd_object_counts is deprecated and replaced with apiserver_storage_objects, causing \"etcd Object Count\" dashboard to only show OpenShift resources\nOCPBUGS-5888 - Failed to install 4.13 ocp on SNO with \"error during syncRequiredMachineConfigPools\"\nOCPBUGS-5891 - oc-mirror heads-only does not work with target name\nOCPBUGS-5903 - gather default ingress controller definition\nOCPBUGS-5922 - [2047299 Jira placeholder] nodeport not reachable port connection timeout\nOCPBUGS-5939 - revert \"force cert rotation every couple days for development\" in 4.13\nOCPBUGS-5948 - Runtime error using API Explorer with AdmissionReview resource\nOCPBUGS-5949 - oc --icsp mapping scope does not match openshift icsp mapping scope\nOCPBUGS-5959 - [4.13] Bootimage bump tracker\nOCPBUGS-5988 - Degraded etcd on assisted-installer installation- bootstrap etcd is not removed properly\nOCPBUGS-5991 - Kube APIServer panics in admission controller\nOCPBUGS-5997 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered\nOCPBUGS-6004 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10\"\nOCPBUGS-6011 - openshift-client package has wrong version of kubectl bundled\nOCPBUGS-6018 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades\nOCPBUGS-6026 - cannot change /etc folder ownership inside pod\nOCPBUGS-6033 - metallb 4.12.0-202301042354 (OCP 4.12) refers to external image\nOCPBUGS-6049 - Do not show UpdateInProgress when status is Failing\nOCPBUGS-6053 - `availableUpdates: null` results in run-time error on Cluster Settings page\nOCPBUGS-6055 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41\nOCPBUGS-6063 - PVs(vmdk) get deleted when scaling down machineSet with vSphere IPI\nOCPBUGS-6089 - Unnecessary event reprocessing\nOCPBUGS-6092 - ovs-configuration.service fails - Error: Connection activation failed: No suitable device found for this connection\nOCPBUGS-6097 - CVO hotloops on ImageStream and logs the information incorrectly\nOCPBUGS-6098 - Show Git icon and URL in repository link in PLR details page should be based on the git provider\nOCPBUGS-6101 - Daemonset is not upgraded after operator upgrade\nOCPBUGS-6175 - Image registry Operator does not use Proxy when connecting to openstack\nOCPBUGS-6185 - Update 4.13 ose-cluster-config-operator image to be consistent with ART\nOCPBUGS-6187 - Update 4.13 openshift-state-metrics image to be consistent with ART\nOCPBUGS-6189 - Update 4.13 ose-cluster-authentication-operator image to be consistent with ART\nOCPBUGS-6191 - Update 4.13 ose-network-metrics-daemon image to be consistent with ART\nOCPBUGS-6197 - Update 4.13 ose-openshift-apiserver image to be consistent with ART\nOCPBUGS-6201 - Update 4.13 openshift-enterprise-pod image to be consistent with ART\nOCPBUGS-6202 - Update 4.13 ose-cluster-kube-apiserver-operator image to be consistent with ART\nOCPBUGS-6213 - Update 4.13 ose-machine-config-operator image to be consistent with ART\nOCPBUGS-6222 - Update 4.13 ose-alibaba-cloud-csi-driver image to be consistent with ART\nOCPBUGS-6228 - Update 4.13 coredns image to be consistent with ART\nOCPBUGS-6231 - Update 4.13 ose-kube-storage-version-migrator image to be consistent with ART\nOCPBUGS-6232 - Update 4.13 marketplace-operator image to be consistent with ART\nOCPBUGS-6233 - Update 4.13 ose-cluster-openshift-apiserver-operator image to be consistent with ART\nOCPBUGS-6234 - Update 4.13 ose-cluster-bootstrap image to be consistent with ART\nOCPBUGS-6235 - Update 4.13 cluster-network-operator image to be consistent with ART\nOCPBUGS-6238 - Update 4.13 oauth-server image to be consistent with ART\nOCPBUGS-6240 - Update 4.13 ose-cluster-kube-storage-version-migrator-operator image to be consistent with ART\nOCPBUGS-6241 - Update 4.13 operator-lifecycle-manager image to be consistent with ART\nOCPBUGS-6247 - Update 4.13 ose-cluster-ingress-operator image to be consistent with ART\nOCPBUGS-6262 - Add more logs to \"oc extract\" in mco-first boot service \nOCPBUGS-6265 - When installing SNO with bootstrap in place it takes CVO 6 minutes to acquire the leader lease \nOCPBUGS-6270 - Irrelevant vsphere platform data is required\nOCPBUGS-6272 - E2E tests: Entire pipeline flow from Builder page Start the pipeline with workspace\nOCPBUGS-631 - machineconfig service is failed to start because Podman storage gets corrupted\nOCPBUGS-6486 - Image upload fails when installing cluster\nOCPBUGS-6503 - admin ack test nondeterministically does a check post-upgrade\nOCPBUGS-6504 - IPI Baremetal Master Node in DualStack getting fd69:: address randomly, OVN CrashLoopBackOff\nOCPBUGS-6507 - Don\u0027t retry network policy peer pods if ips couldn\u0027t be fetched\nOCPBUGS-6577 - Node-exporter NodeFilesystemAlmostOutOfSpace alert exception needed\nOCPBUGS-6610 - Developer - Topology : \u0027Filter by resource\u0027 drop-down i18n misses\nOCPBUGS-6621 - Image registry panics while deploying OCP in ap-southeast-4 AWS region\nOCPBUGS-6624 - Issue deploying the master node with IPI\nOCPBUGS-6634 - Let the console able to build on other architectures and compatible with prow builds\nOCPBUGS-6646 - Ingress node firewall CI is broken with latest\nOCPBUGS-6647 - User Preferences - Applications : Resource type drop-down i18n misses\nOCPBUGS-6651 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy\nOCPBUGS-6660 - Uninstall Operator? modal instructions always reference optional checkbox\nOCPBUGS-6663 - Platform baremetal warnings during create image when fields not defined\nOCPBUGS-6682 - [OVN] ovs-configuration vSphere vmxnet3 allmulti workaround is now permanent\nOCPBUGS-6698 - Fix conflict error message in cluster-ingress-operator\u0027s ensureNodePortService\nOCPBUGS-6700 - Cluster-ingress-operator\u0027s updateIngressClass function logs success message when error\nOCPBUGS-6701 - The ingress-operator spuriously updates ingressClass on startup\nOCPBUGS-6714 - Traffic from egress IPs was interrupted after Cluster patch to Openshift 4.10.46\nOCPBUGS-672 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes\nOCPBUGS-6722 - s390x: failed to generate asset \"Image\": multiple \"disk\" artifacts found\nOCPBUGS-6730 - Pod latency spikes are observed when there is a compaction/leadership transfer\nOCPBUGS-6731 - Gathered Environment variables (HTTP_PROXY/HTTPS_PROXY) may contain sensible information and should be obfuscated\nOCPBUGS-6741 - opm fails to serve FBC if cachedir not provided\nOCPBUGS-6757 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column\nOCPBUGS-6760 - Couldn\u0027t update/delete cpms on gcp private cluster\nOCPBUGS-6762 - Enhance the user experience for the name-filter-input on Metrics target page\nOCPBUGS-6765 - \"Delete dependent objects of this resource\" might cause confusions\nOCPBUGS-6777 - [gcp][CORS-1988] \"create manifests\" without an existing \"install-config.yaml\" missing 4 YAML files in \"\u003cinstall dir\u003e/openshift\" which leads to \"create cluster\" failure\nOCPBUGS-6781 - gather Machine objects\nOCPBUGS-6797 - Empty IBMCOS storage config causes operator to crashloop\nOCPBUGS-6799 - Repositories list does not show the running pipelinerun as last pipelinerun\nOCPBUGS-6809 - Uploading large layers fails with \"blob upload invalid\"\nOCPBUGS-6811 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-6821 - Update NTO images to be consistent with ART\nOCPBUGS-6832 - Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics\nOCPBUGS-6893 - Dev console doesn\u0027t finish loading for users with limited access\nOCPBUGS-6902 - 4.13-e2e-metal-ipi-upgrade-ovn-ipv6 on permafail\nOCPBUGS-6917 - MultinetworkPolicy: unknown service runtime.v1alpha2.RuntimeService\nOCPBUGS-6925 - Update OWNERS_ALIASES in release-4.13 branch\nOCPBUGS-6945 - OS Release reports incorrect version ID\nOCPBUGS-6953 - ovnkube-master panic nil deref\nOCPBUGS-6955 - panic in an ovnkube-master pod\nOCPBUGS-6962 - \u0027agent_installer\u0027 invoker not showing up in telemetry\nOCPBUGS-6977 - pod-identity-webhook replicas=2 is failing single node jobs\nOCPBUGS-6978 - Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1\nOCPBUGS-6994 - All Clusters perspective is not activated automatically when ACM is installed\nOCPBUGS-702 - The caBundle field of alertmanagerconfigs.monitoring.coreos.com crd is getting removed\nOCPBUGS-7031 - Pipelines repository list and creation form doesn\u0027t show Tech Preview status\nOCPBUGS-7090 - Add to navigation button in search result does nothing\nOCPBUGS-7102 - OLM downstream utest fails due to new release-XX+1 branch creation\nOCPBUGS-7106 - network-tools needs to be updated to give ovn-k master leader info\nOCPBUGS-7118 - OCP 4.12 does not support launching SGX enclaves\nOCPBUGS-7144 - On mobile screens, At pipeline details page the info alert on metrics tab is not showing correctly\nOCPBUGS-7149 - IPv6 multinode spoke no moving from rebooting/configuring stage\nOCPBUGS-7173 - [OVN] DHCP timeouts on Azure arm64, install fails\nOCPBUGS-7180 - [4.13] Bootimage bump tracker\nOCPBUGS-7186 - [gcp][CORS-2424] with \"secureBoot\" enabled, after deleting control-plane machine, the new machine is created with \"enableSecureBoot\" being False unexpectedly\nOCPBUGS-7195 - [CI-Watcher] e2e issue with tests: Create Samples Page Timeout Error\nOCPBUGS-7199 - [CI-Watcher] e2e issue with tests: Interacting with CatalogSource page\nOCPBUGS-7204 - Manifests generated to multiple \"results-xxx\" folders when using the oci feature with OCI and nonOCI catalogs \nOCPBUGS-7207 - MTU migration configuration is cleaned up prematurely while in progress\nOCPBUGS-723 - ClusterResourceQuota values are not reflecting. \nOCPBUGS-7268 - [4.13] Modify the PSa pod extractor to mutate pod controller pod specs\nOCPBUGS-7284 - Hypershift failing new SCC conformance tests\nOCPBUGS-7291 - ptp keeps trying to start phc2sys even if it\u0027s configured as empty string in phc2sysOpts\nOCPBUGS-7293 - RHCOS 9.2 Failing to Bootstrap on Metal, OpenStack, vSphere (all baremetal runtime platforms)\nOCPBUGS-7300 - aws-ebs-csi-driver-operator crash loops with HC proxy configured\nOCPBUGS-7301 - Not possible to use certain start addresses in whereabouts IPv6 range [Backport 4.13]\nOCPBUGS-7308 - Download kubeconfig for ServiceAccount returns error\nOCPBUGS-7354 - Installation failed on Azure SDN as network is degraded \nOCPBUGS-7356 - Default channel on OCP 4.13 should be stable-4.13\nOCPBUGS-7359 - [Azure] Replace master failed as new master did not add into lb backend \nOCPBUGS-736 - Kuryr uses default MTU for service network\nOCPBUGS-7366 - [gcp] New machine stuck in Provisioning when delete one zone from cpms on gcp with customer vpc\nOCPBUGS-7372 - fail early on missing node status envs\nOCPBUGS-7374 - set default timeouts in etcdcli\nOCPBUGS-7391 - Monitoring operator long delay reconciling extension-apiserver-authentication\nOCPBUGS-7399 - In the Edit application mode, the name of the added pipeline is not displayed anymore\nOCPBUGS-7408 - AzureDisk CSI driver does not compile with cachito\nOCPBUGS-7412 - gomod dependencies failures in 4.13-4.14 container builds\nOCPBUGS-7417 - gomod dependencies failures in 4.13-4.14 container builds\nOCPBUGS-7418 - Default values for Scaling fields is not set in Create Serverless function form\nOCPBUGS-7419 - CVO delay when setting clusterversion available status to true \nOCPBUGS-7421 - Missing i18n key for PAC section in Git import form\nOCPBUGS-7424 - Bump cluster-ingress-operator to k8s APIs v0.26.1\nOCPBUGS-7427 - dynamic-demo-plugin.spec.ts requires 10 minutes of unnecessary wait time\nOCPBUGS-7438 - Egress service does not handle invalid nodeSelectors correctly\nOCPBUGS-7482 - Fix handling of single failure-domain (non-tagged) deployments in vsphere\nOCPBUGS-7483 - Hypershift installs on \"platform: none\" are broken\nOCPBUGS-7488 - test flake: should not reconcile SC when state is Unmanaged\nOCPBUGS-7495 - Platform type is ignored\nOCPBUGS-7517 - Helm page crashes on old releases with a new Secret\nOCPBUGS-7519 - NFS Storage Tests trigger Kernel Panic on Azure and Metal\nOCPBUGS-7523 - Add new AWS regions for ROSA\nOCPBUGS-7542 - Bump router to k8s APIs v0.26.1\nOCPBUGS-7555 - Enable default sysctls for kubelet\nOCPBUGS-7558 - Rebase coredns to 1.10.1\nOCPBUGS-7563 - vSphere install can\u0027t complete with out-of-tree CCM\nOCPBUGS-7579 - [azure] failed to parse client certificate when using certificate-based Service Principal with passpharse\nOCPBUGS-7611 - PTPOperator config transportHost with AMQ is not detected \nOCPBUGS-7616 - vSphere multiple in-tree test failures (non-zonal)\nOCPBUGS-7617 - Azure Disk volume is taking time to attach/detach\nOCPBUGS-7622 - vSphere UPI jobs failing with \u0027Managed cluster should have machine resources\u0027\nOCPBUGS-7648 - Bump cluster-dns-operator to k8s APIs v0.26.1\nOCPBUGS-7689 - Project Admin is able to Label project with empty string in RHOCP 4\nOCPBUGS-7696 - [ Azure ]not able to deploy machine with publicIp:true\nOCPBUGS-7707 - /etc/NetworkManager/dispatcher.d needs to be relabeled during pivot from 8.6 to 9.2\nOCPBUGS-7719 - Update to 4.13.0-ec.3 stuck on leaked MachineConfig\nOCPBUGS-7729 - Remove ETCD liviness probe. \nOCPBUGS-7731 - Need to cancel threads when agent-tui timeout is stopped\nOCPBUGS-7733 - Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2\nOCPBUGS-7743 - SNO upgrade from 4.12 to 4.13 rhel9.2 is broken cause of dnsmasq default config\nOCPBUGS-7750 - fix gofmt check issue in network-metrics-daemon\nOCPBUGS-7754 - ART having trouble building olm images\nOCPBUGS-7774 - RawCNIConfig is printed in byte representation on failure, not human readable\nOCPBUGS-7785 - migrate to using Lease for leader election\nOCPBUGS-7806 - add \"nfs-export\" under PV details page\nOCPBUGS-7809 - sg3_utils package is missing in the assisted-installer-agent Docker file\nOCPBUGS-781 - ironic-proxy is using a deprecated field to fetch cluster VIP\nOCPBUGS-7833 - Storage tests failing in no-capabilities job\nOCPBUGS-7837 - hypershift: aws-ebs-csi-driver-operator uses guest cluster proxy causing PV provisioning failure\nOCPBUGS-7860 - [azure] message is unclear when missing clientCertificatePassword in osServicePrincipal.json\nOCPBUGS-7876 - [Descheduler] Enabling LifeCycleUtilization to test namespace filtering does not work\nOCPBUGS-7879 - Devfile isn\u0027t be processed correctly on \u0027Add from git repo\u0027\nOCPBUGS-7896 - MCO should not add keepalived pod manifests in case of VSPHERE UPI\nOCPBUGS-7899 - ODF Monitor pods failing to be bounded because timeout issue with thin-csi SC\nOCPBUGS-7903 - Pool degraded with error: rpm-ostree kargs: signal: terminated\nOCPBUGS-7909 - Baremetal runtime prepender creates /etc/resolv.conf mode 0600 and bad selinux context\nOCPBUGS-794 - OLM version rule is not clear\nOCPBUGS-7940 - apiserver panics in admission controller\nOCPBUGS-7943 - AzureFile CSI driver does not compile with cachito\nOCPBUGS-7970 - [E2E] Always close the filter dropdown in listPage.filter.by\nOCPBUGS-799 - Reply packet for DNS conversation to service IP uses pod IP as source\nOCPBUGS-8066 - Create Serverless Function form breaks if Pipeline Operator is not installed\nOCPBUGS-8086 - Visual issues with listing items\nOCPBUGS-8243 - [release 4.13] Gather Monitoring pods\u0027 Persistent Volumes\nOCPBUGS-8308 - Bump openshift/kubernetes to 1.26.2\nOCPBUGS-8312 - IPI on Power VS clusters cannot deploy MCO\nOCPBUGS-8326 - Azure cloud provider should use Kubernetes 1.26 dependencies\nOCPBUGS-8341 - Unable to set capabilities with agent installer based installation \nOCPBUGS-8342 - create cluster-manifests fails when imageContentSources is missing\nOCPBUGS-8353 - PXE support is incomplete\nOCPBUGS-8381 - Console shows x509 error when requesting token from oauth endpoint\nOCPBUGS-8401 - Bump openshift/origin to kube 1.26.2\nOCPBUGS-8424 - ControlPlaneMachineSet: Machine\u0027s Node should be Ready to consider the Machine Ready\nOCPBUGS-8445 - cgroups default setting in OCP 4.13 generates extra MachineConfig\nOCPBUGS-8463 - OpenStack Failure domains as 4.13 TechPreview\nOCPBUGS-8471 - [4.13] egress firewall only createas 1 acl for long namespace names\nOCPBUGS-8475 - TestBoundTokenSignerController causes unrecoverable disruption in e2e-gcp-operator CI job\nOCPBUGS-8481 - CAPI rebases 4.13 backports\nOCPBUGS-8490 - agent-tui: display additional checks only when primary check fails\nOCPBUGS-8498 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets\nOCPBUGS-8505 - [4.13] egress firewall acls are deleted on restart\nOCPBUGS-8511 - [4.13+ ONLY] Don\u0027t use port 80 in bootstrap IPI bare metal\nOCPBUGS-855 - When setting allowedRegistries urls the openshift-samples operator is degraded\nOCPBUGS-859 - monitor not working with UDP lb when externalTrafficPolicy: Local\nOCPBUGS-860 - CSR are generated with incorrect Subject Alternate Names\nOCPBUGS-8699 - Metal IPI Install Rate Below 90%\nOCPBUGS-8701 - `oc patch project` not working with OCP 4.12\nOCPBUGS-8702 - OKD SCOS: remove workaround for rpm-ostree auth\nOCPBUGS-8703 - fails to switch to kernel-rt with rhel 9.2\nOCPBUGS-8710 - [4.13] don\u0027t enforce PSa in 4.13\nOCPBUGS-8712 - AES-GCM encryption at rest is not supported by kube-apiserver-operator\nOCPBUGS-8719 - Allow the user to scroll the content of the agent-tui details view\nOCPBUGS-8741 - [4.13] Pods in same deployment will have different ability to query services in same namespace from one another; ocp 4.10\nOCPBUGS-8742 - Origin tests should not specify `readyz` as the health check path\nOCPBUGS-881 - fail to create install-config.yaml as apiVIP and ingressVIP are not in machine networks\nOCPBUGS-8941 - Introduce tooltips for contextual information\nOCPBUGS-904 - Alerts from MCO are missing namespace\nOCPBUGS-9079 - ICMP fragmentation needed sent to pods behind a service don\u0027t seem to reach the pods\nOCPBUGS-91 - [ExtDNS] New TXT record breaks downward compatibility by retroactively limiting record length\nOCPBUGS-9132 - WebSCale: ovn logical router polices incorrect/l3 gw config not updated after IP change\nOCPBUGS-9185 - Pod latency spikes are observed when there is a compaction/leadership transfer\nOCPBUGS-9233 - ConsoleQuickStart {{copy}} and {{execute}} features do not work in some cases\nOCPBUGS-931 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs\nOCPBUGS-9338 - editor toggle radio input doesn\u0027t have distinguishable attributes\nOCPBUGS-9389 - Detach code in vsphere csi driver is failing\nOCPBUGS-948 - OLM sets invalid SCC label on its namespaces\nOCPBUGS-95 - NMstate removes egressip in OpenShift cluster with SDN plugin\nOCPBUGS-9913 - bacport tests for PDBUnhealthyPodEvictionPolicy as Tech Preview\nOCPBUGS-9924 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag\nOCPBUGS-9926 - Enable node healthz server for ovnk in CNO \nOCPBUGS-9951 - fails to reconcile to RT kernel on interrupted updates\nOCPBUGS-9957 - Garbage collect grafana-dashboard-etcd\nOCPBUGS-996 - Control Plane Machine Set Operator OnDelete update should cause an error when more than one machine is ready in an index\nOCPBUGS-9963 - Better to change the error information more clearly to help understand \nOCPBUGS-9968 - Operands running management side missing affinity, tolerations, node selector and priority rules than the operator\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4235\nhttps://access.redhat.com/security/cve/CVE-2021-4238\nhttps://access.redhat.com/security/cve/CVE-2021-20329\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-43519\nhttps://access.redhat.com/security/cve/CVE-2021-44964\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1587\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-2990\nhttps://access.redhat.com/security/cve/CVE-2022-3080\nhttps://access.redhat.com/security/cve/CVE-2022-3259\nhttps://access.redhat.com/security/cve/CVE-2022-4203\nhttps://access.redhat.com/security/cve/CVE-2022-4304\nhttps://access.redhat.com/security/cve/CVE-2022-4450\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-23525\nhttps://access.redhat.com/security/cve/CVE-2022-23526\nhttps://access.redhat.com/security/cve/CVE-2022-26280\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-29154\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/cve/CVE-2022-34903\nhttps://access.redhat.com/security/cve/CVE-2022-38023\nhttps://access.redhat.com/security/cve/CVE-2022-38177\nhttps://access.redhat.com/security/cve/CVE-2022-38178\nhttps://access.redhat.com/security/cve/CVE-2022-40674\nhttps://access.redhat.com/security/cve/CVE-2022-41316\nhttps://access.redhat.com/security/cve/CVE-2022-41717\nhttps://access.redhat.com/security/cve/CVE-2022-41721\nhttps://access.redhat.com/security/cve/CVE-2022-41723\nhttps://access.redhat.com/security/cve/CVE-2022-41724\nhttps://access.redhat.com/security/cve/CVE-2022-41725\nhttps://access.redhat.com/security/cve/CVE-2022-42010\nhttps://access.redhat.com/security/cve/CVE-2022-42011\nhttps://access.redhat.com/security/cve/CVE-2022-42012\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/cve/CVE-2022-42919\nhttps://access.redhat.com/security/cve/CVE-2022-46146\nhttps://access.redhat.com/security/cve/CVE-2022-47629\nhttps://access.redhat.com/security/cve/CVE-2023-0056\nhttps://access.redhat.com/security/cve/CVE-2023-0215\nhttps://access.redhat.com/security/cve/CVE-2023-0216\nhttps://access.redhat.com/security/cve/CVE-2023-0217\nhttps://access.redhat.com/security/cve/CVE-2023-0229\nhttps://access.redhat.com/security/cve/CVE-2023-0286\nhttps://access.redhat.com/security/cve/CVE-2023-0361\nhttps://access.redhat.com/security/cve/CVE-2023-0401\nhttps://access.redhat.com/security/cve/CVE-2023-0620\nhttps://access.redhat.com/security/cve/CVE-2023-0665\nhttps://access.redhat.com/security/cve/CVE-2023-0778\nhttps://access.redhat.com/security/cve/CVE-2023-25000\nhttps://access.redhat.com/security/cve/CVE-2023-25165\nhttps://access.redhat.com/security/cve/CVE-2023-25173\nhttps://access.redhat.com/security/cve/CVE-2023-25577\nhttps://access.redhat.com/security/cve/CVE-2023-25725\nhttps://access.redhat.com/security/cve/CVE-2023-25809\nhttps://access.redhat.com/security/cve/CVE-2023-27561\nhttps://access.redhat.com/security/cve/CVE-2023-28642\nhttps://access.redhat.com/security/cve/CVE-2023-30570\nhttps://access.redhat.com/security/cve/CVE-2023-30841\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGVrhNzjgjWX9erEAQjD7BAAihZ8nlrasEU8QISGjHMUkUXKPHgV6LlZ\nIT2h0MLam8ICSCDdZ8PUVXhWP+CTTIYYdpEPTaIdKdB16iecRXm2ML8GtQ38zSjC\nLpCB4NUmAdoH91FbT2oazgrCgg+2hizfufLYk/8nNm9yVR0zT5kZbuXMFZH/PbCb\ndYYyRsXsNt4+MpaWGf1q3jS7OX8l5UXbfO+nnKHWoow5/PeclygxFbRclr7o62Dy\ntnfgs+OwbroI6L0nohsUTk4Es1koyD8FaGdo28ViLcgVH1VDhBqzHXSAe1P+XmAc\nPSG6slSRIrgJpARfN8OEI89wfI+ttyqEi4yAdoKjCo/pbshhLw3JZQcavmQc8XEK\no1afTtx0XFHJsAdZRjvq+7zExqnDANRLbtkkYG2gYuc8LgGmh6P0ZlhxQFMS3f/T\ncTLSLaP6XSnHQaJyc0kqULHcWBZRzepcIDPYkmTCbCVCwLjXuIoF6eMQvo7eRXCy\n4qN3nT0+M90jWxf/uQzo9NpeWFB7y2cccHMvaPzZ8cAAxpwM3Rphutu9lzRfJCl8\nTMincIMIFq3vLmrfxHX5YOKfgH/Kjc06TbtnzxtucFQVNFxyKIWKgJB/hl1mGDTJ\n8cibppoX+mLmUirPuu+5JwaAmq7skX5HKX3r3t8sajmij17nS2Ff8q52ZLgdZQ6H\nXbiJN3SZj5U=\n=WGO2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1897"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1897",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167944",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168182",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168222",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169443",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168213",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-50690",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170083",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168150",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167729",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168287",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168139",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169435",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168022",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4246",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-423551",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172441",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"id": "VAR-202205-2059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:58:09.296000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.1,
"url": "https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.1,
"url": "https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0215"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42010"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42011"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-4304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0361"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38178"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-4450"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7058"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21125"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1281"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://registry.centos.org/v2/\":"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-32233"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-24329"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2023:4052"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20329"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26280"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25725"
},
{
"trust": 0.1,
"url": "https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]:"
},
{
"trust": 0.1,
"url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-28642"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41316"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-30570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0056"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-30841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20329"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41723"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42919"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-27561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0216"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41725"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3080"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6507"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-423551"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"date": "2022-09-01T16:33:07",
"db": "PACKETSTORM",
"id": "168222"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-10-20T14:21:57",
"db": "PACKETSTORM",
"id": "169443"
},
{
"date": "2022-08-04T14:47:31",
"db": "PACKETSTORM",
"id": "167944"
},
{
"date": "2022-09-01T16:30:25",
"db": "PACKETSTORM",
"id": "168213"
},
{
"date": "2022-08-25T15:29:18",
"db": "PACKETSTORM",
"id": "168182"
},
{
"date": "2023-07-19T15:37:11",
"db": "PACKETSTORM",
"id": "173605"
},
{
"date": "2023-05-18T13:46:17",
"db": "PACKETSTORM",
"id": "172441"
},
{
"date": "2022-09-14T15:08:07",
"db": "PACKETSTORM",
"id": "168378"
},
{
"date": "2022-05-27T15:15:07.620000",
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-423551"
},
{
"date": "2023-08-21T05:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"date": "2024-11-21T06:41:42.313000",
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "172441"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "173605"
}
],
"trust": 0.1
}
}
var-202202-0103
Vulnerability from variot
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:5242-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5242 Issue date: 2022-06-28 CVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154 CVE-2022-1420 CVE-2022-1621 CVE-2022-1629 ==================================================================== 1. Summary:
An update for vim is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
Security Fix(es):
-
vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)
-
vim: Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)
-
vim: Out-of-range Pointer Offset (CVE-2022-1420)
-
vim: heap buffer overflow (CVE-2022-1621)
-
vim: buffer over-read (CVE-2022-1629)
-
vim: use after free in utf_ptr2char (CVE-2022-1154)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: vim-X11-8.2.2637-16.el9_0.2.aarch64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
ppc64le: vim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-8.2.2637-16.el9_0.2.s390x.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-8.2.2637-16.el9_0.2.x86_64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: vim-8.2.2637-16.el9_0.2.src.rpm
aarch64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
noarch: vim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm
ppc64le: vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4327"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0554",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-414500",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0554",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0554",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0554",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0554",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0554",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0554",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-971",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414500",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0554",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: vim security update\nAdvisory ID: RHSA-2022:5242-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5242\nIssue date: 2022-06-28\nCVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154\n CVE-2022-1420 CVE-2022-1621 CVE-2022-1629\n====================================================================\n1. Summary:\n\nAn update for vim is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)\n\n* vim: Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)\n\n* vim: Out-of-range Pointer Offset (CVE-2022-1420)\n\n* vim: heap buffer overflow (CVE-2022-1621)\n\n* vim: buffer over-read (CVE-2022-1629)\n\n* vim: use after free in utf_ptr2char (CVE-2022-1154)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\nvim-X11-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nppc64le:\nvim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-8.2.2637-16.el9_0.2.s390x.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\nvim-8.2.2637-16.el9_0.2.src.rpm\n\naarch64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nnoarch:\nvim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm\n\nppc64le:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0554",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167666",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-414500",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0554",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"id": "VAR-202202-0103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:02:44.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "may\u00a0end\u00a0up\u00a0with\u00a0no\u00a0current\u00a0buffer Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184874"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-823",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070642"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-memory-corruption-via-do-buffer-ext-37653"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169561/apple-security-advisory-2022-10-27-5.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3226"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1771.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-414500"
},
{
"date": "2022-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"date": "2023-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"date": "2022-07-01T15:00:50",
"db": "PACKETSTORM",
"id": "167666"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"date": "2022-02-10T22:15:07.483000",
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-414500"
},
{
"date": "2022-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"date": "2023-05-26T07:19:00",
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"date": "2024-11-21T06:38:54.230000",
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
}
],
"trust": 0.6
}
}
var-202112-1669
Vulnerability from variot
vim is vulnerable to Heap-based Buffer Overflow. vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. No detailed vulnerability details are currently available. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1669",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3847"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 0.3
},
"cve": "CVE-2021-4136",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4136",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-408692",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4136",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4136",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-4136",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-4136",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-1496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408692",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-4136",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Heap-based Buffer Overflow. vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. No detailed vulnerability details are currently available. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)\nA flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)\nA flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\nA flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\nA flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)\nA flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process\u0027s internal memory. (CVE-2021-4193)\nReferences to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory\u0027s initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-408692",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4136",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3561",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2412",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072103",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05065",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408692",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4136",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"id": "VAR-202112-1669",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:51:09.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213256 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"title": "vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=176292"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2021-4136",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8555eee3fc6f369b98c0f1edfd9a3e96"
},
{
"title": "Red Hat: CVE-2021-4136",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-4136"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1557",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1743",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-eval-lambda-37182"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168124/gentoo-linux-security-advisory-202208-32.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1557.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-408692"
},
{
"date": "2021-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"date": "2022-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2021-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"date": "2021-12-19T17:15:07.553000",
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-408692"
},
{
"date": "2022-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"date": "2022-12-26T02:14:00",
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"date": "2024-11-21T06:36:58.833000",
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
}
],
"trust": 0.6
}
}
var-202205-2080
Vulnerability from variot
Use After Free in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Versions prior to Vim 8.2 have a security vulnerability, which stems from a reuse-after-free issue. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-2080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5024"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1898",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423552",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1898",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1898",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1898",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1898",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1898",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-4245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423552",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1898",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use After Free in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Versions prior to Vim 8.2 have a security vulnerability, which stems from a reuse-after-free issue. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1898",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022063027",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-50691",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-423552",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1898",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"id": "VAR-202205-2080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:04:43.780000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "using\u00a0freed\u00a0memory\u00a0with\u00a0\"]d\" Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=194717"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1898"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022063027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1898/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-nv-brackets-38493"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015984"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-423552"
},
{
"date": "2022-05-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"date": "2022-05-27T09:15:08.030000",
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-423552"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"date": "2023-08-21T01:37:00",
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"date": "2024-11-21T06:41:42.490000",
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
}
],
"trust": 0.6
}
}
var-202201-0324
Vulnerability from variot
Out-of-bounds Read in vim/vim prior to 8.2. Vim is an editor based on the UNIX platform. The vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0324",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4154"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"db": "NVD",
"id": "CVE-2022-0319"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 0.3
},
"cve": "CVE-2022-0319",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0319",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-412972",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0319",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0319",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0319",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0319",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0319",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2137",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-412972",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0319",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412972"
},
{
"db": "VULMON",
"id": "CVE-2022-0319"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2137"
},
{
"db": "NVD",
"id": "CVE-2022-0319"
},
{
"db": "NVD",
"id": "CVE-2022-0319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Read in vim/vim prior to 8.2. Vim is an editor based on the UNIX platform. The vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0319"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"db": "VULHUB",
"id": "VHN-412972"
},
{
"db": "VULMON",
"id": "CVE-2022-0319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-412972",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412972"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0319",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167368",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003863",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.0921",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060217",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2137",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-08159",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-412972",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0319",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412972"
},
{
"db": "VULMON",
"id": "CVE-2022-0319"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2137"
},
{
"db": "NVD",
"id": "CVE-2022-0319"
}
]
},
"id": "VAR-202201-0324",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-412972"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:33:09.912000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=179576"
},
{
"title": "Red Hat: CVE-2022-0319",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0319"
},
{
"title": "Ubuntu Security Notice: USN-5458-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5458-1"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-020",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-020"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-0319 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0319"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2137"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412972"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"db": "NVD",
"id": "CVE-2022-0319"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167368/ubuntu-security-notice-usn-5458-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-win-exchange-37710"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0921"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5458-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412972"
},
{
"db": "VULMON",
"id": "CVE-2022-0319"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2137"
},
{
"db": "NVD",
"id": "CVE-2022-0319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-412972"
},
{
"db": "VULMON",
"id": "CVE-2022-0319"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2137"
},
{
"db": "NVD",
"id": "CVE-2022-0319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-412972"
},
{
"date": "2022-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0319"
},
{
"date": "2023-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-06-02T17:08:47",
"db": "PACKETSTORM",
"id": "167368"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2137"
},
{
"date": "2022-01-21T14:15:07.810000",
"db": "NVD",
"id": "CVE-2022-0319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-412972"
},
{
"date": "2022-11-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0319"
},
{
"date": "2023-03-10T01:06:00",
"db": "JVNDB",
"id": "JVNDB-2022-003863"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2137"
},
{
"date": "2024-11-21T06:38:22.177000",
"db": "NVD",
"id": "CVE-2022-0319"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2137"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003863"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2137"
}
],
"trust": 0.6
}
}
var-202202-0152
Vulnerability from variot
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4440"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
}
],
"trust": 0.1
},
"cve": "CVE-2022-0729",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2022-0729",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-415704",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-0729",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0729",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0729",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0729",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0729",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0729",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1791",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415704",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0729",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0729",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-415704",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0729",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"id": "VAR-202202-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:14:16.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184512"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0729"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-823",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea"
},
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hbuyqbz6gwawjrwp7aodj4khw5bckdvp/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hbuyqbz6gwawjrwp7aodj4khw5bckdvp/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-memory-corruption-via-regmatch-37650"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0729/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1579.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-415704"
},
{
"date": "2022-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"date": "2023-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"date": "2022-02-23T14:15:08.123000",
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-415704"
},
{
"date": "2022-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"date": "2023-06-22T07:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"date": "2024-11-21T06:39:16.550000",
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
}
],
"trust": 0.6
}
}
var-202205-0540
Vulnerability from variot
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a resource management error vulnerability in versions prior to Vim 8.2.4895. The vulnerability is caused by the confusion of the instruction responsible for releasing memory in the append_command program. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0540",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4895"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.3
},
"cve": "CVE-2022-1616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1616",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-419729",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1616",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1616",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1616",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1616",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2613",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419729",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a resource management error vulnerability in versions prior to Vim 8.2.4895. The vulnerability is caused by the confusion of the instruction responsible for releasing memory in the append_command program. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1616",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-36993",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-419729",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1616",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"id": "VAR-202205-0540",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:12:40.795000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=191849"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1616"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5460-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5460-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1616"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2405"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-ex-docmd-c-38309"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1616/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052018"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-419729"
},
{
"date": "2022-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"date": "2022-05-07T19:15:07.447000",
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-419729"
},
{
"date": "2022-09-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"date": "2023-08-22T05:58:00",
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"date": "2024-11-21T06:41:05.867000",
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
}
],
"trust": 0.6
}
}
var-202201-0458
Vulnerability from variot
vim is vulnerable to Heap-based Buffer Overflow. vim Exists in an out-of-bounds write vulnerability.Information may be obtained. Vim is an editor based on the UNIX platform. It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156)
It was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the compile_get_env() function. A file could use that flaw to disclose 1 byte of vim's internal memory. (CVE-2022-0158)
A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. This flaw allows an malicious user to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)
A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)
A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)
A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. ========================================================================== Ubuntu Security Notice USN-6195-1 July 03, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0128)
It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0158)
It was discovered that Vim did not properly manage memory when recording and using select mode. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0393)
It was discovered that Vim incorrectly handled certain memory operations during a visual block yank. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0407)
It was discovered that Vim contained a NULL pointer dereference vulnerability when switching tabpages. An attacker could possible use this issue to cause a denial of service. (CVE-2022-0696)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.9 vim-athena 2:8.2.3995-1ubuntu2.9 vim-gtk3 2:8.2.3995-1ubuntu2.9 vim-nox 2:8.2.3995-1ubuntu2.9 vim-tiny 2:8.2.3995-1ubuntu2.9 xxd 2:8.2.3995-1ubuntu2.9
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4049"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167788"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0158",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-411581",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0158",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0158",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-0158",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0158",
"trust": 1.0,
"value": "LOW"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0158",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0158",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-668",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-411581",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0158",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Heap-based Buffer Overflow. vim Exists in an out-of-bounds write vulnerability.Information may be obtained. Vim is an editor based on the UNIX platform. It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156)\nIt was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` function. A file could use that flaw to disclose 1 byte of vim\u0027s internal memory. (CVE-2022-0158)\nA flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. This flaw allows an malicious user to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)\nA flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)\nA flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. ==========================================================================\nUbuntu Security Notice USN-6195-1\nJuly 03, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim contained an out-of-bounds read vulnerability. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0128)\n\nIt was discovered that Vim did not properly manage memory when freeing\nallocated memory. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. (CVE-2022-0158)\n\nIt was discovered that Vim did not properly manage memory when recording\nand using select mode. An attacker could possibly use this issue to cause\na denial of service. (CVE-2022-0393)\n\nIt was discovered that Vim incorrectly handled certain memory operations\nduring a visual block yank. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. (CVE-2022-0407)\n\nIt was discovered that Vim contained a NULL pointer dereference\nvulnerability when switching tabpages. An attacker could possible use this\nissue to cause a denial of service. (CVE-2022-0696)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.9\n vim-athena 2:8.2.3995-1ubuntu2.9\n vim-gtk3 2:8.2.3995-1ubuntu2.9\n vim-nox 2:8.2.3995-1ubuntu2.9\n vim-tiny 2:8.2.3995-1ubuntu2.9\n xxd 2:8.2.3995-1ubuntu2.9\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0158",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167788",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072102",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022220",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3560",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3782",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05043",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411581",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0158",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"id": "VAR-202201-0458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:27:45.300000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213344",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=178105"
},
{
"title": "Red Hat: CVE-2022-0158",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0158"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1567",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1567"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1751",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1751"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Big Sur 11.6.8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=46307825e8223bef6aa99c76dff503a5"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213344"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/13"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hd5s2fc2hf22a7xqxk2xxir46earvwim/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hd5s2fc2hf22a7xqxk2xxir46earvwim/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072102"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022220"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167788/apple-security-advisory-2022-07-20-3.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213344"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-compile-get-env-37250"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3560"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3782"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1567.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32812"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213344."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0696"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6195-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411581"
},
{
"date": "2022-01-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"date": "2023-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:29",
"db": "PACKETSTORM",
"id": "167788"
},
{
"date": "2023-07-04T01:10:12",
"db": "PACKETSTORM",
"id": "173275"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"date": "2022-01-10T16:15:09.853000",
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-411581"
},
{
"date": "2022-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"date": "2023-01-31T02:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"date": "2024-11-21T06:38:01.650000",
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
}
],
"trust": 0.6
}
}
var-202201-0437
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Summary:
The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
- golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
- Bugs fixed (https://bugzilla.redhat.com/):
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
- Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes Advisory ID: RHSA-2022:1476-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:1476 Issue date: 2022-04-20 CVE Names: CVE-2021-0920 CVE-2021-3999 CVE-2021-4154 CVE-2021-23177 CVE-2021-23566 CVE-2021-31566 CVE-2021-41190 CVE-2021-43565 CVE-2021-45960 CVE-2021-46143 CVE-2022-0144 CVE-2022-0155 CVE-2022-0235 CVE-2022-0261 CVE-2022-0318 CVE-2022-0330 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0413 CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 CVE-2022-0536 CVE-2022-0778 CVE-2022-0811 CVE-2022-0847 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-22942 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23852 CVE-2022-24450 CVE-2022-24778 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-27191 =====================================================================
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 General Availability release images. This update provides security fixes, bug fixes, and updates the container images.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/
Security updates:
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
-
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
-
imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
Related bugs:
-
RHACM 2.4.3 image files (BZ #2057249)
-
Observability - dashboard name contains
/would cause error when generating dashboard cm (BZ #2032128) -
ACM application placement fails after renaming the application name (BZ
2033051)
-
Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)
-
Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)
-
The value of name label changed from clusterclaim name to cluster name (BZ #2042223)
-
VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ
2048500)
-
clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)
-
Application cluster status is not updated in UI after restoring (BZ
2053279)
-
OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)
-
The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)
-
Subscriptions stop reconciling after channel secrets are recreated (BZ
2059954)
-
Placementrule is not reconciling on a new fresh environment (BZ #2074156)
-
The cluster claimed from clusterpool cannot auto imported (BZ #2074543)
-
Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index
For details on how to apply this update, refer to:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm
2033051 - ACM application placement fails after renaming the application name
2039197 - disable the obs metric collect should not impact the managed cluster upgrade
2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard
2042223 - the value of name label changed from clusterclaim name to cluster name
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053279 - Application cluster status is not updated in UI after restoring
2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+
2057249 - RHACM 2.4.3 images
2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift
2059954 - Subscriptions stop reconciling after channel secrets are recreated
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path
2074156 - Placementrule is not reconciling on a new fresh environment
2074543 - The cluster claimed from clusterpool can not auto imported
- References:
https://access.redhat.com/security/cve/CVE-2021-0920 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-4154 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-23566 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0144 https://access.redhat.com/security/cve/CVE-2022-0155 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0261 https://access.redhat.com/security/cve/CVE-2022-0318 https://access.redhat.com/security/cve/CVE-2022-0330 https://access.redhat.com/security/cve/CVE-2022-0359 https://access.redhat.com/security/cve/CVE-2022-0361 https://access.redhat.com/security/cve/CVE-2022-0392 https://access.redhat.com/security/cve/CVE-2022-0413 https://access.redhat.com/security/cve/CVE-2022-0435 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/cve/CVE-2022-0516 https://access.redhat.com/security/cve/CVE-2022-0536 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-0811 https://access.redhat.com/security/cve/CVE-2022-0847 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-22942 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-24450 https://access.redhat.com/security/cve/CVE-2022-24778 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security updates:
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
Bug fix:
-
RHACM 2.3.8 images (Bugzilla #2062316)
-
Bugs fixed (https://bugzilla.redhat.com/):
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW1wIACgkQ4RjMIDke NxnZ+xAAqoucBvVAByV37Mr4jEpccIOz7wHZ/4vv7+y7dm34CenADqWWkHi9dHD9 Esk5iJaS1vrapc8BdZLfa5EzI5jo9dww+gqs/sqq48bugg86JmDJe77f9EPwjbm0 shX3psa1A3RWfESeNdOUl+MEk/1zip5fstehhqBS54kGMCK1Q4fQmWNmWZHEZyGX W8OFY8nUIceEpL402U+sCc8HscAfcsKkcsMApjrwjVmr/oFdPDfCXgMVYxSh6Xrv F24+7zGPI1sl3SI1fzaP30fZRY7COGkUSQ2zpVQZsiazqt3G6kCQrv99Ut/OAMl+ 0DHPLtV/Tv31s6CyjvCNEIpVpRkPZ6AgYYvQHbuJBmFsV4EP86eZ8kj9XBxfjk4+ kz/cXAgDE8Q7rvT/8uFr/TWS+uP9H4J87FMGuYrQR33lptaiJyP0sy2TTnJ5fTm5 FPH7vbcL4lSo//YK7TNxHMdDzDNSH+dcfFcXPHHSrcW27KuM4Rft8esy+r9r+SZj mJlZa5pVqlo8BjsOnkWd559N2UrFQxB0trwEaAAeQPMPjczc6yR8rxmh01dpZ2CW 0curmxCY81yt/Gm+qCcuAbXG3XQSYYH6Bc+vkxiyFXYnuHNRQCdFTLBG7muc1my6 gitAC7jLftbZMtTQPmbgeyhsBPjqmT7L0O7DzDuHHLQi3O/xc28= =lEWC -----END PGP SIGNATURE——
. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Monterey Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. Apple is aware of a report that this issue may have been actively exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0437",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.6"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4120"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003459"
},
{
"db": "NVD",
"id": "CVE-2022-0261"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
}
],
"trust": 0.4
},
"cve": "CVE-2022-0261",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0261",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-412328",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0261",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0261",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0261",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0261",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1523",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-412328",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003459"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1523"
},
{
"db": "NVD",
"id": "CVE-2022-0261"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* golang: net/http/httputil: panic due to racy read of persistConn after\nhandler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes\nAdvisory ID: RHSA-2022:1476-01\nProduct: Red Hat ACM\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1476\nIssue date: 2022-04-20\nCVE Names: CVE-2021-0920 CVE-2021-3999 CVE-2021-4154 \n CVE-2021-23177 CVE-2021-23566 CVE-2021-31566 \n CVE-2021-41190 CVE-2021-43565 CVE-2021-45960 \n CVE-2021-46143 CVE-2022-0144 CVE-2022-0155 \n CVE-2022-0235 CVE-2022-0261 CVE-2022-0318 \n CVE-2022-0330 CVE-2022-0359 CVE-2022-0361 \n CVE-2022-0392 CVE-2022-0413 CVE-2022-0435 \n CVE-2022-0492 CVE-2022-0516 CVE-2022-0536 \n CVE-2022-0778 CVE-2022-0811 CVE-2022-0847 \n CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 \n CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 \n CVE-2022-22942 CVE-2022-23218 CVE-2022-23219 \n CVE-2022-23308 CVE-2022-23852 CVE-2022-24450 \n CVE-2022-24778 CVE-2022-25235 CVE-2022-25236 \n CVE-2022-25315 CVE-2022-27191 \n=====================================================================\n\n1. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 General\nAvailability release images. This update provides security fixes, bug\nfixes, and updates the container images. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE links in the References section. \n\n2. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous\nerrata update:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-0920\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-4154\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-23566\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-43565\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-0144\nhttps://access.redhat.com/security/cve/CVE-2022-0155\nhttps://access.redhat.com/security/cve/CVE-2022-0235\nhttps://access.redhat.com/security/cve/CVE-2022-0261\nhttps://access.redhat.com/security/cve/CVE-2022-0318\nhttps://access.redhat.com/security/cve/CVE-2022-0330\nhttps://access.redhat.com/security/cve/CVE-2022-0359\nhttps://access.redhat.com/security/cve/CVE-2022-0361\nhttps://access.redhat.com/security/cve/CVE-2022-0392\nhttps://access.redhat.com/security/cve/CVE-2022-0413\nhttps://access.redhat.com/security/cve/CVE-2022-0435\nhttps://access.redhat.com/security/cve/CVE-2022-0492\nhttps://access.redhat.com/security/cve/CVE-2022-0516\nhttps://access.redhat.com/security/cve/CVE-2022-0536\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-0811\nhttps://access.redhat.com/security/cve/CVE-2022-0847\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-22942\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-24450\nhttps://access.redhat.com/security/cve/CVE-2022-24778\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW1wIACgkQ4RjMIDke\nNxnZ+xAAqoucBvVAByV37Mr4jEpccIOz7wHZ/4vv7+y7dm34CenADqWWkHi9dHD9\nEsk5iJaS1vrapc8BdZLfa5EzI5jo9dww+gqs/sqq48bugg86JmDJe77f9EPwjbm0\nshX3psa1A3RWfESeNdOUl+MEk/1zip5fstehhqBS54kGMCK1Q4fQmWNmWZHEZyGX\nW8OFY8nUIceEpL402U+sCc8HscAfcsKkcsMApjrwjVmr/oFdPDfCXgMVYxSh6Xrv\nF24+7zGPI1sl3SI1fzaP30fZRY7COGkUSQ2zpVQZsiazqt3G6kCQrv99Ut/OAMl+\n0DHPLtV/Tv31s6CyjvCNEIpVpRkPZ6AgYYvQHbuJBmFsV4EP86eZ8kj9XBxfjk4+\nkz/cXAgDE8Q7rvT/8uFr/TWS+uP9H4J87FMGuYrQR33lptaiJyP0sy2TTnJ5fTm5\nFPH7vbcL4lSo//YK7TNxHMdDzDNSH+dcfFcXPHHSrcW27KuM4Rft8esy+r9r+SZj\nmJlZa5pVqlo8BjsOnkWd559N2UrFQxB0trwEaAAeQPMPjczc6yR8rxmh01dpZ2CW\n0curmxCY81yt/Gm+qCcuAbXG3XQSYYH6Bc+vkxiyFXYnuHNRQCdFTLBG7muc1my6\ngitAC7jLftbZMtTQPmbgeyhsBPjqmT7L0O7DzDuHHLQi3O/xc28=\n=lEWC\n-----END PGP SIGNATURE\u2014\u2014\n\n\n. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Monterey\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. Apple is aware of a report that this issue may\nhave been actively exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0261"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003459"
},
{
"db": "VULHUB",
"id": "VHN-412328"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169576"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-412328",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412328"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0261",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166516",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003459",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166976",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166433",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166323",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166812",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022052327",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031527",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022040631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032843",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072710",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032446",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022220",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1263",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2516",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1523",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166431",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-412328",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166789",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003459"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1523"
},
{
"db": "NVD",
"id": "CVE-2022-0261"
}
]
},
"id": "VAR-202201-0437",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-412328"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:02:07.422000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003459"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003459"
},
{
"db": "NVD",
"id": "CVE-2022-0261"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.7,
"url": "https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-block-insert-37407"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031527"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166433/red-hat-security-advisory-2022-1041-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166323/red-hat-security-advisory-2022-0894-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032446"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022220"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2516"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040631"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052327"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4154"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0847"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0516"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0144"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22817"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1396"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1025"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1083"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003459"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1523"
},
{
"db": "NVD",
"id": "CVE-2022-0261"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-412328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003459"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1523"
},
{
"db": "NVD",
"id": "CVE-2022-0261"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-412328"
},
{
"date": "2023-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003459"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-04-20T15:12:33",
"db": "PACKETSTORM",
"id": "166789"
},
{
"date": "2022-03-24T14:34:35",
"db": "PACKETSTORM",
"id": "166431"
},
{
"date": "2022-04-21T15:12:25",
"db": "PACKETSTORM",
"id": "166812"
},
{
"date": "2022-03-29T15:53:19",
"db": "PACKETSTORM",
"id": "166516"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1523"
},
{
"date": "2022-01-18T16:15:08.053000",
"db": "NVD",
"id": "CVE-2022-0261"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-412328"
},
{
"date": "2023-02-20T02:31:00",
"db": "JVNDB",
"id": "JVNDB-2022-003459"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1523"
},
{
"date": "2024-11-21T06:38:15.340000",
"db": "NVD",
"id": "CVE-2022-0261"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1523"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003459"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1523"
}
],
"trust": 0.6
}
}
var-202205-1990
Vulnerability from variot
Buffer Over-read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Vim versions prior to 8.2 have a security vulnerability caused by buffer overreading. Summary:
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Description:
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
-
eventsource: Exposure of Sensitive Information (CVE-2022-1650)
-
moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
-
nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
-
node-forge: Signature verification leniency in checking
digestAlgorithmstructure can lead to signature forgery (CVE-2022-24771) -
node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
-
node-forge: Signature verification leniency in checking
DigestInfostructure (CVE-2022-24773) -
Moment.js: Path traversal in moment.locale (CVE-2022-24785)
-
golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
-
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
-
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
-
go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:
https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index
All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1937117 - Deletion of StorageCluster doesn't remove ceph toolbox pod
1947482 - The device replacement process when deleting the volume metadata need to be fixed or modified
1973317 - libceph: read_partial_message and bad crc/signature errors
1996829 - Permissions assigned to ceph auth principals when using external storage are too broad
2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
2027724 - Warning log for rook-ceph-toolbox in ocs-operator log
2029298 - [GSS] Noobaa is not compatible with aws bucket lifecycle rule creation policies
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047173 - [RFE] Change controller-manager pod name in odf-lvm-operator to more relevant name to lvm
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2050897 - CVE-2022-0235 mcg-core-container: node-fetch: exposure of sensitive information to an unauthorized actor [openshift-data-foundation-4]
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2056697 - odf-csi-addons-operator subscription failed while using custom catalog source
2058211 - Add validation for CIDR field in DRPolicy
2060487 - [ODF to ODF MS] Consumer lost connection to provider API if the endpoint node is powered off/replaced
2060790 - ODF under Storage missing for OCP 4.11 + ODF 4.10
2061713 - [KMS] The error message during creation of encrypted PVC mentions the parameter in UPPER_CASE
2063691 - [GSS] [RFE] Add termination policy to s3 route
2064426 - [GSS][External Mode] exporter python script does not support FQDN for RGW endpoint
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2066514 - OCS operator to install Ceph prometheus alerts instead of Rook
2067079 - [GSS] [RFE] Add termination policy to ocs-storagecluster-cephobjectstore route
2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery
2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking DigestInfo structure
2069314 - OCS external mode should allow specifying names for all Ceph auth principals
2069319 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster.
2069812 - must-gather: rbd_vol_and_snap_info collection is broken
2069815 - must-gather: essential rbd mirror command outputs aren't collected
2070542 - After creating a new storage system it redirects to 404 error page instead of the "StorageSystems" page for OCP 4.11
2071494 - [DR] Applications are not getting deployed
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2073920 - rook osd prepare failed with this error - failed to set kek as an environment variable: key encryption key is empty
2074810 - [Tracker for Bug 2074585] MCG standalone deployment page goes blank when the KMS option is enabled
2075426 - 4.10 must gather is not available after GA of 4.10
2075581 - [IBM Z] : ODF 4.11.0-38 deployment leaves the storagecluster in "Progressing" state although all the openshift-storage pods are up and Running
2076457 - After node replacement[provider], connection issue between consumer and provider if the provider node which was referenced MON-endpoint configmap (on consumer) is lost
2077242 - vg-manager missing permissions
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2079866 - [DR] odf-multicluster-console is in CLBO state
2079873 - csi-nfsplugin pods are not coming up after successful patch request to update "ROOK_CSI_ENABLE_NFS": "true"'
2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses
2081680 - Add the LVM Operator into the Storage category in OperatorHub
2082028 - UI does not have the option to configure capacity, security and networks,etc. during storagesystem creation
2082078 - OBC's not getting created on primary cluster when manageds3 set as "true" for mirrorPeer
2082497 - Do not filter out removable devices
2083074 - [Tracker for Ceph BZ #2086419] Two Ceph mons crashed in ceph-16.2.7/src/mon/PaxosService.cc: 193: FAILED ceph_assert(have_pending)
2083441 - LVM operator should deploy the volumesnapshotclass resource
2083953 - [Tracker for Ceph BZ #2084579] PVC created with ocs-storagecluster-ceph-nfs storageclass is moving to pending status
2083993 - Add missing pieces for storageclassclaim
2084041 - [Console Migration] Link-able storage system name directs to blank page
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2084201 - MCG operator pod is stuck in a CrashLoopBackOff; Panic Attack: [] an empty namespace may not be set when a resource name is provided"
2084503 - CLI falsely flags unique PVPool backingstore secrets as duplicates
2084546 - [Console Migration] Provider details absent under backing store in UI
2084565 - [Console Migration] The creation of new backing store , directs to a blank page
2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
2085351 - [DR] Mirrorpeer failed to create with msg Internal error occurred
2085357 - [DR] When drpolicy is create drcluster resources are getting created under default namespace
2086557 - Thin pool in lvm operator doesn't use all disks
2086675 - [UI]No option to "add capacity" via the Installed Operators tab
2086982 - ODF 4.11 deployment is failing
2086983 - [odf-clone] Mons IP not updated correctly in the rook-ceph-mon-endpoints cm
2087078 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and 'Overview' tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown
2087107 - Set default storage class if none is set
2087237 - [UI] After clicking on Create StorageSystem, it navigates to Storage Systems tab but shows an error message
2087675 - ocs-metrics-exporter pod crashes on odf v4.11
2087732 - [Console Migration] Events page missing under new namespace store
2087755 - [Console Migration] Bucket Class details page doesn't have the complete details in UI
2088359 - Send VG Metrics even if storage is being consumed from thinPool alone
2088380 - KMS using vault on standalone MCG cluster is not enabled
2088506 - ceph-external-cluster-details-exporter.py should not accept hostname for rgw-endpoint
2088587 - Removal of external storage system with misconfigured cephobjectstore fails on noobaa webhook
2089296 - [MS v2] Storage cluster in error phase and 'ocs-provider-qe' addon installation failed with ODF 4.10.2
2089342 - prometheus pod goes into OOMKilled state during ocs-osd-controller-manager pod restarts
2089397 - [GSS]OSD pods CLBO after upgrade to 4.10 from 4.9.
2089552 - [MS v2] Cannot create StorageClassClaim
2089567 - [Console Migration] Improve the styling of Various Components
2089786 - [Console Migration] "Attach to deployment" option is missing in kebab menu for Object Bucket Claims .
2089795 - [Console Migration] Yaml and Events page is missing for Object Bucket Claims and Object Bucket.
2089797 - [RDR] rbd image failed to mount with msg rbd error output: rbd: sysfs write failed
2090278 - [LVMO] Some containers are missing resource requirements and limits
2090314 - [LVMO] CSV is missing some useful annotations
2090953 - [MCO] DRCluster created under default namespace
2091487 - [Hybrid Console] Multicluster dashboard is not displaying any metrics
2091638 - [Console Migration] Yaml page is missing for existing and newly created Block pool.
2091641 - MCG operator pod is stuck in a CrashLoopBackOff; MapSecretToNamespaceStores invalid memory address or nil pointer dereference
2091681 - Auto replication policy type detection is not happneing on DRPolicy creation page when ceph cluster is external
2091894 - All backingstores in cluster spontaneously change their own secret
2091951 - [GSS] OCS pods are restarting due to liveness probe failure
2091998 - Volume Snapshots not work with external restricted mode
2092143 - Deleting a CephBlockPool CR does not delete the underlying Ceph pool
2092217 - [External] UI for uploding JSON data for external cluster connection has some strict checks
2092220 - [Tracker for Ceph BZ #2096882] CephNFS is not reaching to Ready state on ODF on IBM Power (ppc64le)
2092349 - Enable zeroing on the thin-pool during creation
2092372 - [MS v2] StorageClassClaim is not reaching Ready Phase
2092400 - [MS v2] StorageClassClaim creation is failing with error "no StorageCluster found"
2093266 - [RDR] When mirroring is enabled rbd mirror daemon restart config should be enabled automatically
2093848 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected
2094179 - MCO fails to create DRClusters when replication mode is synchronous
2094853 - [Console Migration] Description under storage class drop down in add capacity is missing .
2094856 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount
2095155 - Use tool black to format the python external script
2096209 - ReclaimSpaceJob fails on OCP 4.11 + ODF 4.10 cluster
2096414 - Compression status for cephblockpool is reported as Enabled and Disabled at the same time
2096509 - [Console Migration] Unable to select Storage Class in Object Bucket Claim creation page
2096513 - Infinite BlockPool tabs get created when the StorageSystem details page is opened
2096823 - After upgrading the cluster from ODF4.10 to ODF4.11, the ROOK_CSI_ENABLE_CEPHFS move to False
2096937 - Storage - Data Foundation: i18n misses
2097216 - Collect StorageClassClaim details in must-gather
2097287 - [UI] Dropdown doesn't close on it's own after arbiter zone selection on 'Capacity and nodes' page
2097305 - Add translations for ODF 4.11
2098121 - Managed ODF not getting detected
2098261 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment
2098536 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount
2099265 - [KMS] The storagesystem creation page goes blank when KMS is enabled
2099581 - StorageClassClaim with encryption gets into Failed state
2099609 - The red-hat-storage/topolvm release-4.11 needs to be synced with the upstream project
2099646 - Block pool list page kebab action menu is showing empty options
2099660 - OCS dashbaords not appearing unless user clicks on "Overview" Tab
2099724 - S3 secret namespace on the managed cluster doesn't match with the namespace in the s3profile
2099965 - rbd: provide option to disable setting metadata on RBD images
2100326 - [ODF to ODF] Volume snapshot creation failed
2100352 - Make lvmo pod labels more uniform
2100946 - Avoid temporary ceph health alert for new clusters where the insecure global id is allowed longer than necessary
2101139 - [Tracker for OCP BZ #2102782] topolvm-controller get into CrashLoopBackOff few minutes after install
2101380 - Default backingstore is rejected with message INVALID_SCHEMA_PARAMS SERVER account_api#/methods/check_external_connection
2103818 - Restored snapshot don't have any content
2104833 - Need to update configmap for IBM storage odf operator GA
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
- Solution:
The OpenShift Service Mesh Release Notes provide information on the features and known issues:
https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html
- Bugs fixed (https://bugzilla.redhat.com/):
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
- JIRA issues fixed (https://issues.jboss.org/):
OSSM-1105 - IOR doesn't support a host with namespace/ prefix OSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start OSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing OSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace OSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes OSSM-1800 - IOR should copy labels from Gateway to Route OSSM-1805 - Reconcile SMCP when Kiali is not available OSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER OSSM-1868 - Container release for Maistra 2.2.2
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update Advisory ID: RHSA-2022:6051-01 Product: RHOL Advisory URL: https://access.redhat.com/errata/RHSA-2022:6051 Issue date: 2022-08-18 CVE Names: CVE-2021-38561 CVE-2022-0759 CVE-2022-1012 CVE-2022-1292 CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-30631 CVE-2022-32250 ==================================================================== 1. Summary:
An update is now available for RHOL-5.5-RHEL-8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Logging Subsystem 5.5.0 - Red Hat OpenShift
Security Fix(es):
-
kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1415 - Allow users to tune fluentd
LOG-1539 - Events and CLO csv are not collected after running oc adm must-gather --image=$downstream-clo-image
LOG-1713 - Reduce Permissions granted for prometheus-k8s service account
LOG-2063 - Collector pods fail to start when a Vector only Cluster Logging instance is created.
LOG-2134 - The infra logs are sent to app-xx indices
LOG-2159 - Cluster Logging Pods in CrashLoopBackOff
LOG-2165 - [Vector] Default log level debug makes it hard to find useful error/failure messages.
LOG-2167 - [Vector] Collector pods fails to start with configuration error when using Kafka SASL over SSL
LOG-2169 - [Vector] Logs not being sent to Kafka with SASL plaintext.
LOG-2172 - [vector]The openshift-apiserver and ovn audit logs can not be collected.
LOG-2242 - Log file metric exporter is still following /var/log/containers files.
LOG-2243 - grafana-dashboard-cluster-logging should be deleted once clusterlogging/instance was removed
LOG-2264 - Logging link should contain an icon
LOG-2274 - [Logging 5.5] EO doesn't recreate secrets kibana and kibana-proxy after removing them.
LOG-2276 - Fluent config format is hard to read via configmap
LOG-2290 - ClusterLogging Instance status in not getting updated in UI
LOG-2291 - [release-5.5] Events listing out of order in Kibana 6.8.1
LOG-2294 - [Vector] Vector internal metrics are not exposed via HTTPS due to which OpenShift Monitoring Prometheus service cannot scrape the metrics endpoint.
LOG-2300 - [Logging 5.5]ES pods can't be ready after removing secret/signing-elasticsearch
LOG-2303 - [Logging 5.5] Elasticsearch cluster upgrade stuck
LOG-2308 - configmap grafana-dashboard-elasticsearch is being created and deleted continously
LOG-2333 - Journal logs not reaching Elasticsearch output
LOG-2337 - [Vector] Missing @ prefix from the timestamp field in log record.
LOG-2342 - [Logging 5.5] Kibana pod can't connect to ES cluster after removing secret/signing-elasticsearch: "x509: certificate signed by unknown authority"
LOG-2384 - Provide a method to get authenticated from GCP
LOG-2411 - [Vector] Audit logs forwarding not working.
LOG-2412 - CLO's loki output url is parsed wrongly
LOG-2413 - PriorityClass cluster-logging is deleted if provide an invalid log type
LOG-2418 - EO supported time units don't match the units specified in CRDs.
LOG-2439 - Telemetry: the managedStatus&healthStatus&version values are wrong
LOG-2440 - [loki-operator] Live tail of logs does not work on OpenShift
LOG-2444 - The write index is removed when the size of the index > diskThresholdPercent% * total size.
LOG-2460 - [Vector] Collector pods fail to start on a FIPS enabled cluster.
LOG-2461 - [Vector] Vector auth config not generated when user provided bearer token is used in a secret for connecting to LokiStack.
LOG-2463 - Elasticsearch operator repeatedly prints error message when checking indices
LOG-2474 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.5]
LOG-2522 - CLO supported time units don't match the units specified in CRDs.
LOG-2525 - The container's logs are not sent to separate index if the annotation is added after the pod is ready.
LOG-2546 - TLS handshake error on loki-gateway for FIPS cluster
LOG-2549 - [Vector] [master] Journald logs not sent to the Log store when using Vector as collector.
LOG-2554 - [Vector] [master] Fallback index is not used when structuredTypeKey is missing from JSON log data
LOG-2588 - FluentdQueueLengthIncreasing rule failing to be evaluated.
LOG-2596 - [vector]the condition in [transforms.route_container_logs] is inaccurate
LOG-2599 - Supported values for level field don't match documentation
LOG-2605 - $labels.instance is empty in the message when firing FluentdNodeDown alert
LOG-2609 - fluentd and vector are unable to ship logs to elasticsearch when cluster-wide proxy is in effect
LOG-2619 - containers violate PodSecurity -- Log Exporation
LOG-2627 - containers violate PodSecurity -- Loki
LOG-2649 - Level Critical should match the beginning of the line as the other levels
LOG-2656 - Logging uses deprecated v1beta1 apis
LOG-2664 - Deprecated Feature logs causing too much noise
LOG-2665 - [Logging 5.5] Sometimes collector fails to push logs to Elasticsearch cluster
LOG-2693 - Integration with Jaeger fails for ServiceMonitor
LOG-2700 - [Vector] vector container can't start due to "unknown field pod_annotation_fields" .
LOG-2703 - Collector DaemonSet is not removed when CLF is deleted for fluentd/vector only CL instance
LOG-2725 - Upgrade logging-eventrouter Golang version and tags
LOG-2731 - CLO keeps reporting Reconcile ServiceMonitor retry error and Reconcile Service retry error after creating clusterlogging.
LOG-2732 - Prometheus Operator pod throws 'skipping servicemonitor' error on Jaeger integration
LOG-2742 - unrecognized outputs when use the sts role secret
LOG-2746 - CloudWatch forwarding rejecting large log events, fills tmpfs
LOG-2749 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards.
LOG-2753 - Update Grafana configuration for LokiStack integration on grafana/loki repo
LOG-2763 - [Vector]{Master} Vector's healthcheck fails when forwarding logs to Lokistack.
LOG-2764 - ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image
LOG-2765 - ingester pod can not be started in IPv6 cluster
LOG-2766 - [vector] failed to parse cluster url: invalid authority IPv6 http-proxy
LOG-2772 - arn validation failed when role_arn=arn:aws-us-gov:xxx
LOG-2773 - No cluster-logging-operator-metrics service in logging 5.5
LOG-2778 - [Vector] [OCP 4.11] SA token not added to Vector config when connecting to LokiStack instance without CLF creds secret required by LokiStack.
LOG-2784 - Japanese log messages are garbled at Kibana
LOG-2793 - [Vector] OVN audit logs are missing the level field.
LOG-2864 - [vector] Can not sent logs to default when loki is the default output in CLF
LOG-2867 - [fluentd] All logs are sent to application tenant when loki is used as default logstore in CLF.
LOG-2873 - [Vector] Cannot configure CPU/Memory requests/limits when using Vector as collector.
LOG-2875 - Seeing a black rectangle box on the graph in Logs view
LOG-2876 - The link to the 'Container details' page on the 'Logs' screen throws error
LOG-2877 - When there is no query entered, seeing error message on the Logs view
LOG-2882 - RefreshIntervalDropdown and TimeRangeDropdown always set back to its original values when switching between pages in 'Logs' screen
- References:
https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2022-0759 https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-32250 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYv5/w9zjgjWX9erEAQhRBBAAiZe24VtCQruCG/MvGEOowBvHf/YNANlR N6WAw2VezEfvFkG7z599MWZVWz2jnZO6cn9i+CoNDanAmItPJ8ljK4sitrP2ywrG OKwqIa4DPrywFFTSMxemB604ewE0cvXifuqG5bQDn+GvndiV/u/XaVTYZseY1P5X 8ZIJ20cxROOE9pg0/3eya27edZxDrgWx6BtzSEZw47ReV3Dogqy+KzRCAAoN+pE5 g2t/E0u0Ypmjil9Ttsop/ejUg/iz8UTGtua4m1nzhZrsoE84p5xIgvCEkYlh3OrD tfawpj1r9Avcjk4zbZkAe/enSQZQv0iWD792SoP7/ddX5tIu05ArvPWj/NvN/rI4 dFzMe2UmezuS2EQpzaWOug2xSQUbR1hI+Y4cy0YOHuwzeaMeoHSbNYTJmOxKR0v1 44a9oSBku+Xfk8nUNqS+9oq0z3DlAWt2BjbfrJCbSjZQdOUOIGM95L3ClrXY9LYF PT5v+h2W4myonj6HVhkv+Wy7aRbYQ7Qhk/3AaN7Dz5soBSNK4exvOzWXGuf/BdSf XFef6O87ipZveHQYmTfH+t8aJV1plEVTrm8pyz2EfzCv1Fnhjn0rvbGZAFBlvqW+ vhxoj505RQBBhcno16V1zczdd8KsiqY7aZniTuh2DQAVvNhqsHgn8rvQ7HJlExun eIFVKOxx310=ynB/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
RHEL-8-CNV-4.12
============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89
- Bugs fixed (https://bugzilla.redhat.com/):
1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - ?Edit BootSource? action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label app.kubernetes.io/name: common-templates
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Name jumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1->4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Security fixes:
-
CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
-
CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
-
CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
-
CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
-
CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
-
CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
-
CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
-
CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
-
CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
-
CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
-
CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Bug fixes:
-
assisted-service repo pin-latest.py script should allow custom tags to be pinned (BZ# 2065661)
-
assisted-service-build image is too big in size (BZ# 2066059)
-
assisted-service pin-latest.py script should exclude the postgres image (BZ# 2076901)
-
PXE artifacts need to be served via HTTP (BZ# 2078531)
-
Implementing new service-agent protocol on agent side (BZ# 2081281)
-
RHACM 2.6.0 images (BZ# 2090906)
-
Assisted service POD keeps crashing after a bare metal host is created (BZ# 2093503)
-
Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled (BZ# 2096106)
-
Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)
-
Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB (BZ# 2099277)
-
The pre-selected search keyword is not readable (BZ# 2107736)
-
The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI (BZ# 2111843)
-
Bugs fixed (https://bugzilla.redhat.com/):
2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned 2066059 - assisted-service-build image is too big in size 2076901 - assisted-service pin-latest.py script should exclude the postgres image 2078531 - iPXE artifacts need to be served via HTTP 2081281 - Implementing new service-agent protocol on agent side 2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors 2090906 - RHACM 2.6.0 images 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2093503 - Assisted service POD keeps crashing after a bare metal host is created 2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled 2096445 - Assisted service POD keeps crashing after a bare metal host is created 2096460 - Spoke BMH stuck "inspecting" when deployed via the converged workflow 2097696 - Fix assisted CI jobs that fail for cluster-info readiness 2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB 2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart 2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow 2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2105339 - Search Application button on the Application Table for Subscription applications does not Redirect 2105357 - [UI] hypershift cluster creation error - n[0] is undefined 2106347 - Submariner error looking up service account submariner-operator/submariner-addon-sa 2106882 - Security Context Restrictions are restricting creation of some pods which affects the deployment of some applications 2107049 - The clusterrole for global clusterset did not created by default 2107065 - governance-policy-framework in CrashLoopBackOff state on spoke cluster: Failed to start manager {"error": "error listening on :8081: listen tcp :8081: bind: address already in use"} 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107370 - Helm Release resource recreation feature does not work with the local cluster 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108888 - Hypershift on AWS - control plane not running 2109370 - The button to create the cluster is not visible 2111203 - Add ocp 4.11 to filters for discovering clusters in ACM 2.6 2111218 - Create cluster - Infrastructure page crashes 2111651 - "View application" button on app table for Flux applications redirects to apiVersion=ocp instead of flux 2111663 - Hosted cluster in Pending import state 2111671 - Leaked namespaces after deleting hypershift deployment 2111770 - [ACM 2.6] there is no node info for remote cluster in multiple hubs 2111843 - The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI 2112180 - The policy page is crashed after input keywords in the search box 2112281 - config-policy-controller pod can't startup in the OCP3.11 managed cluster 2112318 - Can't delete the objects which are re-created by policy when deleting the policy 2112321 - BMAC reconcile loop never stops after changes 2112426 - No cluster discovered due to x509: certificate signed by unknown authority 2112478 - Value of delayAfterRunSeconds is not shown on the final submit panel and the word itself should not be wrapped. 2112793 - Can't view details of the policy template when set the spec.pruneObjectBehavior as unsupported value 2112803 - ClusterServiceVersion for release 2.6 branch references "latest" tag 2113787 - [ACM 2.6] can not delete namespaces after detaching the hosted cluster 2113838 - the cluster proxy-agent was deployed on the non-infra nodes 2113842 - [ACM 2.6] must restart hosting cluster registration pod if update work-manager-addon cr to change installNamespace 2114982 - Control plane type shows 'Standalone' for hypershift cluster 2115622 - Hub fromsecret function doesn't work for hosted mode in multiple hub 2115723 - Can't view details of the policy template for customer and hypershift cluster in hosted mode from UI 2115993 - Policy automation details panel was not updated after editing the mode back to disabled 2116211 - Count of violations with unknown status was not accurate when managed clusters have mixed status 2116329 - cluster-proxy-agent not startup due to the imagepullbackoff on spoke cluster 2117113 - The proxy-server-host was not correct in cluster-proxy-agent 2117187 - pruneObjectBehavior radio selection cannot work well and always switch the first one template in multiple configurationPolicy templates 2117480 - [ACM 2.6] infra-id of HypershiftDeployment doesn't work 2118338 - Report the "namespace not found" error after clicked view yaml link of a policy in the multiple hub env 2119326 - Can't view details of the SecurityContextConstraints policy for managed clusters from UI
- Bugs fixed (https://bugzilla.redhat.com/):
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
- JIRA issues fixed (https://issues.jboss.org/):
LOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node
-
To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
-
Solution:
For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha values for the release are
(For x86_64 architecture) The image digest is sha256:c6771b12bd873c0e3e5fbc7afa600d92079de6534dcb52f09cb1d22ee49608a9
(For s390x architecture) The image digest is sha256:622b5361f95d1d512ea84f363ac06155cbb9ee28e85ccaae1acd80b98b660fa8
(For ppc64le architecture) The image digest is sha256:50c131cf85dfb00f258af350a46b85eff8fb8084d3e1617520cd69b59caeaff7
(For aarch64 architecture) The image digest is sha256:9e575c4ece9caaf31acbef246ccad71959cd5bf634e7cb284b0849ddfa205ad7
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection
- JIRA issues fixed (https://issues.redhat.com/):
OCPBUGS-15446 - (release-4.11) gather "gateway-mode-config" config map from "openshift-network-operator" namespace OCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup') OCPBUGS-15645 - Can't use git lfs in BuildConfig git source with strategy Docker OCPBUGS-15739 - Environment cannot find Python OCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions OCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host OCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1990",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5037"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
}
],
"trust": 0.8
},
"cve": "CVE-2022-1927",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1927",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423615",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1927",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1927",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1927",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1927",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1927",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-423615",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Vim versions prior to 8.2 have a security vulnerability caused by buffer overreading. Summary:\n\nUpdated images that include numerous enhancements, security, and bug fixes\nare now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat\nEnterprise Linux 8. Description:\n\nRed Hat OpenShift Data Foundation is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Data Foundation is a highly scalable, production-grade persistent\nstorage for stateful applications running in the Red Hat OpenShift\nContainer Platform. In addition to persistent storage, Red Hat OpenShift\nData Foundation provisions a multicloud data management service with an S3\ncompatible API. \n\nSecurity Fix(es):\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n(CVE-2021-23440)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm`\nstructure can lead to signature forgery (CVE-2022-24771)\n\n* node-forge: Signature verification failing to check tailing garbage bytes\ncan lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `DigestInfo`\nstructure (CVE-2022-24773)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* golang: regexp: stack exhaustion via a deeply nested expression\n(CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar\n(CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* go-getter: writes SSH credentials into logfile, exposing sensitive\ncredentials to local uses (CVE-2022-29810)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\nThese updated images include numerous enhancements and bug fixes. Space\nprecludes documenting all of these changes in this advisory. Users are\ndirected to the Red Hat OpenShift Data Foundation Release Notes for\ninformation on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these\nupdated images, which provide numerous bug fixes and enhancements. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937117 - Deletion of StorageCluster doesn\u0027t remove ceph toolbox pod\n1947482 - The device replacement process when deleting the volume metadata need to be fixed or modified\n1973317 - libceph: read_partial_message and bad crc/signature errors\n1996829 - Permissions assigned to ceph auth principals when using external storage are too broad\n2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n2027724 - Warning log for rook-ceph-toolbox in ocs-operator log\n2029298 - [GSS] Noobaa is not compatible with aws bucket lifecycle rule creation policies\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047173 - [RFE] Change controller-manager pod name in odf-lvm-operator to more relevant name to lvm\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2050897 - CVE-2022-0235 mcg-core-container: node-fetch: exposure of sensitive information to an unauthorized actor [openshift-data-foundation-4]\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2056697 - odf-csi-addons-operator subscription failed while using custom catalog source\n2058211 - Add validation for CIDR field in DRPolicy\n2060487 - [ODF to ODF MS] Consumer lost connection to provider API if the endpoint node is powered off/replaced\n2060790 - ODF under Storage missing for OCP 4.11 + ODF 4.10\n2061713 - [KMS] The error message during creation of encrypted PVC mentions the parameter in UPPER_CASE\n2063691 - [GSS] [RFE] Add termination policy to s3 route\n2064426 - [GSS][External Mode] exporter python script does not support FQDN for RGW endpoint\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2066514 - OCS operator to install Ceph prometheus alerts instead of Rook\n2067079 - [GSS] [RFE] Add termination policy to ocs-storagecluster-cephobjectstore route\n2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery\n2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery\n2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure\n2069314 - OCS external mode should allow specifying names for all Ceph auth principals\n2069319 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster. \n2069812 - must-gather: rbd_vol_and_snap_info collection is broken\n2069815 - must-gather: essential rbd mirror command outputs aren\u0027t collected\n2070542 - After creating a new storage system it redirects to 404 error page instead of the \"StorageSystems\" page for OCP 4.11\n2071494 - [DR] Applications are not getting deployed\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2073920 - rook osd prepare failed with this error - failed to set kek as an environment variable: key encryption key is empty\n2074810 - [Tracker for Bug 2074585] MCG standalone deployment page goes blank when the KMS option is enabled\n2075426 - 4.10 must gather is not available after GA of 4.10\n2075581 - [IBM Z] : ODF 4.11.0-38 deployment leaves the storagecluster in \"Progressing\" state although all the openshift-storage pods are up and Running\n2076457 - After node replacement[provider], connection issue between consumer and provider if the provider node which was referenced MON-endpoint configmap (on consumer) is lost\n2077242 - vg-manager missing permissions\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2079866 - [DR] odf-multicluster-console is in CLBO state\n2079873 - csi-nfsplugin pods are not coming up after successful patch request to update \"ROOK_CSI_ENABLE_NFS\": \"true\"\u0027\n2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses\n2081680 - Add the LVM Operator into the Storage category in OperatorHub\n2082028 - UI does not have the option to configure capacity, security and networks,etc. during storagesystem creation\n2082078 - OBC\u0027s not getting created on primary cluster when manageds3 set as \"true\" for mirrorPeer\n2082497 - Do not filter out removable devices\n2083074 - [Tracker for Ceph BZ #2086419] Two Ceph mons crashed in ceph-16.2.7/src/mon/PaxosService.cc: 193: FAILED ceph_assert(have_pending)\n2083441 - LVM operator should deploy the volumesnapshotclass resource\n2083953 - [Tracker for Ceph BZ #2084579] PVC created with ocs-storagecluster-ceph-nfs storageclass is moving to pending status\n2083993 - Add missing pieces for storageclassclaim\n2084041 - [Console Migration] Link-able storage system name directs to blank page\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2084201 - MCG operator pod is stuck in a CrashLoopBackOff; Panic Attack: [] an empty namespace may not be set when a resource name is provided\"\n2084503 - CLI falsely flags unique PVPool backingstore secrets as duplicates\n2084546 - [Console Migration] Provider details absent under backing store in UI\n2084565 - [Console Migration] The creation of new backing store , directs to a blank page\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information\n2085351 - [DR] Mirrorpeer failed to create with msg Internal error occurred\n2085357 - [DR] When drpolicy is create drcluster resources are getting created under default namespace\n2086557 - Thin pool in lvm operator doesn\u0027t use all disks\n2086675 - [UI]No option to \"add capacity\" via the Installed Operators tab\n2086982 - ODF 4.11 deployment is failing\n2086983 - [odf-clone] Mons IP not updated correctly in the rook-ceph-mon-endpoints cm\n2087078 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and \u0027Overview\u0027 tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown\n2087107 - Set default storage class if none is set\n2087237 - [UI] After clicking on Create StorageSystem, it navigates to Storage Systems tab but shows an error message\n2087675 - ocs-metrics-exporter pod crashes on odf v4.11\n2087732 - [Console Migration] Events page missing under new namespace store\n2087755 - [Console Migration] Bucket Class details page doesn\u0027t have the complete details in UI\n2088359 - Send VG Metrics even if storage is being consumed from thinPool alone\n2088380 - KMS using vault on standalone MCG cluster is not enabled\n2088506 - ceph-external-cluster-details-exporter.py should not accept hostname for rgw-endpoint\n2088587 - Removal of external storage system with misconfigured cephobjectstore fails on noobaa webhook\n2089296 - [MS v2] Storage cluster in error phase and \u0027ocs-provider-qe\u0027 addon installation failed with ODF 4.10.2\n2089342 - prometheus pod goes into OOMKilled state during ocs-osd-controller-manager pod restarts\n2089397 - [GSS]OSD pods CLBO after upgrade to 4.10 from 4.9. \n2089552 - [MS v2] Cannot create StorageClassClaim\n2089567 - [Console Migration] Improve the styling of Various Components\n2089786 - [Console Migration] \"Attach to deployment\" option is missing in kebab menu for Object Bucket Claims . \n2089795 - [Console Migration] Yaml and Events page is missing for Object Bucket Claims and Object Bucket. \n2089797 - [RDR] rbd image failed to mount with msg rbd error output: rbd: sysfs write failed\n2090278 - [LVMO] Some containers are missing resource requirements and limits\n2090314 - [LVMO] CSV is missing some useful annotations\n2090953 - [MCO] DRCluster created under default namespace\n2091487 - [Hybrid Console] Multicluster dashboard is not displaying any metrics\n2091638 - [Console Migration] Yaml page is missing for existing and newly created Block pool. \n2091641 - MCG operator pod is stuck in a CrashLoopBackOff; MapSecretToNamespaceStores invalid memory address or nil pointer dereference\n2091681 - Auto replication policy type detection is not happneing on DRPolicy creation page when ceph cluster is external\n2091894 - All backingstores in cluster spontaneously change their own secret\n2091951 - [GSS] OCS pods are restarting due to liveness probe failure\n2091998 - Volume Snapshots not work with external restricted mode\n2092143 - Deleting a CephBlockPool CR does not delete the underlying Ceph pool\n2092217 - [External] UI for uploding JSON data for external cluster connection has some strict checks\n2092220 - [Tracker for Ceph BZ #2096882] CephNFS is not reaching to Ready state on ODF on IBM Power (ppc64le)\n2092349 - Enable zeroing on the thin-pool during creation\n2092372 - [MS v2] StorageClassClaim is not reaching Ready Phase\n2092400 - [MS v2] StorageClassClaim creation is failing with error \"no StorageCluster found\"\n2093266 - [RDR] When mirroring is enabled rbd mirror daemon restart config should be enabled automatically\n2093848 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected\n2094179 - MCO fails to create DRClusters when replication mode is synchronous\n2094853 - [Console Migration] Description under storage class drop down in add capacity is missing . \n2094856 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount\n2095155 - Use tool `black` to format the python external script\n2096209 - ReclaimSpaceJob fails on OCP 4.11 + ODF 4.10 cluster\n2096414 - Compression status for cephblockpool is reported as Enabled and Disabled at the same time\n2096509 - [Console Migration] Unable to select Storage Class in Object Bucket Claim creation page\n2096513 - Infinite BlockPool tabs get created when the StorageSystem details page is opened\n2096823 - After upgrading the cluster from ODF4.10 to ODF4.11, the ROOK_CSI_ENABLE_CEPHFS move to False\n2096937 - Storage - Data Foundation: i18n misses\n2097216 - Collect StorageClassClaim details in must-gather\n2097287 - [UI] Dropdown doesn\u0027t close on it\u0027s own after arbiter zone selection on \u0027Capacity and nodes\u0027 page\n2097305 - Add translations for ODF 4.11\n2098121 - Managed ODF not getting detected\n2098261 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment\n2098536 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount\n2099265 - [KMS] The storagesystem creation page goes blank when KMS is enabled\n2099581 - StorageClassClaim with encryption gets into Failed state\n2099609 - The red-hat-storage/topolvm release-4.11 needs to be synced with the upstream project\n2099646 - Block pool list page kebab action menu is showing empty options\n2099660 - OCS dashbaords not appearing unless user clicks on \"Overview\" Tab\n2099724 - S3 secret namespace on the managed cluster doesn\u0027t match with the namespace in the s3profile\n2099965 - rbd: provide option to disable setting metadata on RBD images\n2100326 - [ODF to ODF] Volume snapshot creation failed\n2100352 - Make lvmo pod labels more uniform\n2100946 - Avoid temporary ceph health alert for new clusters where the insecure global id is allowed longer than necessary\n2101139 - [Tracker for OCP BZ #2102782] topolvm-controller get into CrashLoopBackOff few minutes after install\n2101380 - Default backingstore is rejected with message INVALID_SCHEMA_PARAMS SERVER account_api#/methods/check_external_connection\n2103818 - Restored snapshot don\u0027t have any content\n2104833 - Need to update configmap for IBM storage odf operator GA\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Solution:\n\nThe OpenShift Service Mesh Release Notes provide information on the\nfeatures and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1105 - IOR doesn\u0027t support a host with namespace/ prefix\nOSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start\nOSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing\nOSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace\nOSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes\nOSSM-1800 - IOR should copy labels from Gateway to Route\nOSSM-1805 - Reconcile SMCP when Kiali is not available\nOSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER\nOSSM-1868 - Container release for Maistra 2.2.2\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update\nAdvisory ID: RHSA-2022:6051-01\nProduct: RHOL\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6051\nIssue date: 2022-08-18\nCVE Names: CVE-2021-38561 CVE-2022-0759 CVE-2022-1012\n CVE-2022-1292 CVE-2022-1586 CVE-2022-1785\n CVE-2022-1897 CVE-2022-1927 CVE-2022-2068\n CVE-2022-2097 CVE-2022-21698 CVE-2022-30631\n CVE-2022-32250\n====================================================================\n1. Summary:\n\nAn update is now available for RHOL-5.5-RHEL-8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nLogging Subsystem 5.5.0 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* kubeclient: kubeconfig parsing error can lead to MITM attacks\n(CVE-2022-0759)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1415 - Allow users to tune fluentd\nLOG-1539 - Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `\nLOG-1713 - Reduce Permissions granted for prometheus-k8s service account\nLOG-2063 - Collector pods fail to start when a Vector only Cluster Logging instance is created. \nLOG-2134 - The infra logs are sent to app-xx indices\nLOG-2159 - Cluster Logging Pods in CrashLoopBackOff\nLOG-2165 - [Vector] Default log level debug makes it hard to find useful error/failure messages. \nLOG-2167 - [Vector] Collector pods fails to start with configuration error when using Kafka SASL over SSL\nLOG-2169 - [Vector] Logs not being sent to Kafka with SASL plaintext. \nLOG-2172 - [vector]The openshift-apiserver and ovn audit logs can not be collected. \nLOG-2242 - Log file metric exporter is still following /var/log/containers files. \nLOG-2243 - grafana-dashboard-cluster-logging should be deleted once clusterlogging/instance was removed\nLOG-2264 - Logging link should contain an icon\nLOG-2274 - [Logging 5.5] EO doesn\u0027t recreate secrets kibana and kibana-proxy after removing them. \nLOG-2276 - Fluent config format is hard to read via configmap\nLOG-2290 - ClusterLogging Instance status in not getting updated in UI\nLOG-2291 - [release-5.5] Events listing out of order in Kibana 6.8.1\nLOG-2294 - [Vector] Vector internal metrics are not exposed via HTTPS due to which OpenShift Monitoring Prometheus service cannot scrape the metrics endpoint. \nLOG-2300 - [Logging 5.5]ES pods can\u0027t be ready after removing secret/signing-elasticsearch\nLOG-2303 - [Logging 5.5] Elasticsearch cluster upgrade stuck\nLOG-2308 - configmap grafana-dashboard-elasticsearch is being created and deleted continously\nLOG-2333 - Journal logs not reaching Elasticsearch output\nLOG-2337 - [Vector] Missing @ prefix from the timestamp field in log record. \nLOG-2342 - [Logging 5.5] Kibana pod can\u0027t connect to ES cluster after removing secret/signing-elasticsearch: \"x509: certificate signed by unknown authority\"\nLOG-2384 - Provide a method to get authenticated from GCP\nLOG-2411 - [Vector] Audit logs forwarding not working. \nLOG-2412 - CLO\u0027s loki output url is parsed wrongly\nLOG-2413 - PriorityClass cluster-logging is deleted if provide an invalid log type\nLOG-2418 - EO supported time units don\u0027t match the units specified in CRDs. \nLOG-2439 - Telemetry: the managedStatus\u0026healthStatus\u0026version values are wrong\nLOG-2440 - [loki-operator] Live tail of logs does not work on OpenShift\nLOG-2444 - The write index is removed when `the size of the index` \u003e `diskThresholdPercent% * total size`. \nLOG-2460 - [Vector] Collector pods fail to start on a FIPS enabled cluster. \nLOG-2461 - [Vector] Vector auth config not generated when user provided bearer token is used in a secret for connecting to LokiStack. \nLOG-2463 - Elasticsearch operator repeatedly prints error message when checking indices\nLOG-2474 - EO shouldn\u0027t grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.5]\nLOG-2522 - CLO supported time units don\u0027t match the units specified in CRDs. \nLOG-2525 - The container\u0027s logs are not sent to separate index if the annotation is added after the pod is ready. \nLOG-2546 - TLS handshake error on loki-gateway for FIPS cluster\nLOG-2549 - [Vector] [master] Journald logs not sent to the Log store when using Vector as collector. \nLOG-2554 - [Vector] [master] Fallback index is not used when structuredTypeKey is missing from JSON log data\nLOG-2588 - FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-2596 - [vector]the condition in [transforms.route_container_logs] is inaccurate\nLOG-2599 - Supported values for level field don\u0027t match documentation\nLOG-2605 - $labels.instance is empty in the message when firing FluentdNodeDown alert\nLOG-2609 - fluentd and vector are unable to ship logs to elasticsearch when cluster-wide proxy is in effect\nLOG-2619 - containers violate PodSecurity -- Log Exporation\nLOG-2627 - containers violate PodSecurity -- Loki\nLOG-2649 - Level Critical should match the beginning of the line as the other levels\nLOG-2656 - Logging uses deprecated v1beta1 apis\nLOG-2664 - Deprecated Feature logs causing too much noise\nLOG-2665 - [Logging 5.5] Sometimes collector fails to push logs to Elasticsearch cluster\nLOG-2693 - Integration with Jaeger fails for ServiceMonitor\nLOG-2700 - [Vector] vector container can\u0027t start due to \"unknown field `pod_annotation_fields`\" . \nLOG-2703 - Collector DaemonSet is not removed when CLF is deleted for fluentd/vector only CL instance\nLOG-2725 - Upgrade logging-eventrouter Golang version and tags\nLOG-2731 - CLO keeps reporting `Reconcile ServiceMonitor retry error` and `Reconcile Service retry error` after creating clusterlogging. \nLOG-2732 - Prometheus Operator pod throws \u0027skipping servicemonitor\u0027 error on Jaeger integration\nLOG-2742 - unrecognized outputs when use the sts role secret\nLOG-2746 - CloudWatch forwarding rejecting large log events, fills tmpfs\nLOG-2749 - OpenShift Logging Dashboard for Elastic Shards shows \"active_primary\" instead of \"active\" shards. \nLOG-2753 - Update Grafana configuration for LokiStack integration on grafana/loki repo\nLOG-2763 - [Vector]{Master} Vector\u0027s healthcheck fails when forwarding logs to Lokistack. \nLOG-2764 - ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image\nLOG-2765 - ingester pod can not be started in IPv6 cluster\nLOG-2766 - [vector] failed to parse cluster url: invalid authority IPv6 http-proxy\nLOG-2772 - arn validation failed when role_arn=arn:aws-us-gov:xxx\nLOG-2773 - No cluster-logging-operator-metrics service in logging 5.5\nLOG-2778 - [Vector] [OCP 4.11] SA token not added to Vector config when connecting to LokiStack instance without CLF creds secret required by LokiStack. \nLOG-2784 - Japanese log messages are garbled at Kibana\nLOG-2793 - [Vector] OVN audit logs are missing the level field. \nLOG-2864 - [vector] Can not sent logs to default when loki is the default output in CLF\nLOG-2867 - [fluentd] All logs are sent to application tenant when loki is used as default logstore in CLF. \nLOG-2873 - [Vector] Cannot configure CPU/Memory requests/limits when using Vector as collector. \nLOG-2875 - Seeing a black rectangle box on the graph in Logs view\nLOG-2876 - The link to the \u0027Container details\u0027 page on the \u0027Logs\u0027 screen throws error\nLOG-2877 - When there is no query entered, seeing error message on the Logs view\nLOG-2882 - RefreshIntervalDropdown and TimeRangeDropdown always set back to its original values when switching between pages in \u0027Logs\u0027 screen\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2022-0759\nhttps://access.redhat.com/security/cve/CVE-2022-1012\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-30631\nhttps://access.redhat.com/security/cve/CVE-2022-32250\nhttps://access.redhat.com/security/updates/classification/#important\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYv5/w9zjgjWX9erEAQhRBBAAiZe24VtCQruCG/MvGEOowBvHf/YNANlR\nN6WAw2VezEfvFkG7z599MWZVWz2jnZO6cn9i+CoNDanAmItPJ8ljK4sitrP2ywrG\nOKwqIa4DPrywFFTSMxemB604ewE0cvXifuqG5bQDn+GvndiV/u/XaVTYZseY1P5X\n8ZIJ20cxROOE9pg0/3eya27edZxDrgWx6BtzSEZw47ReV3Dogqy+KzRCAAoN+pE5\ng2t/E0u0Ypmjil9Ttsop/ejUg/iz8UTGtua4m1nzhZrsoE84p5xIgvCEkYlh3OrD\ntfawpj1r9Avcjk4zbZkAe/enSQZQv0iWD792SoP7/ddX5tIu05ArvPWj/NvN/rI4\ndFzMe2UmezuS2EQpzaWOug2xSQUbR1hI+Y4cy0YOHuwzeaMeoHSbNYTJmOxKR0v1\n44a9oSBku+Xfk8nUNqS+9oq0z3DlAWt2BjbfrJCbSjZQdOUOIGM95L3ClrXY9LYF\nPT5v+h2W4myonj6HVhkv+Wy7aRbYQ7Qhk/3AaN7Dz5soBSNK4exvOzWXGuf/BdSf\nXFef6O87ipZveHQYmTfH+t8aJV1plEVTrm8pyz2EfzCv1Fnhjn0rvbGZAFBlvqW+\nvhxoj505RQBBhcno16V1zczdd8KsiqY7aZniTuh2DQAVvNhqsHgn8rvQ7HJlExun\neIFVKOxx310=ynB/\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n5. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random\nticket_age_add\n\n* CVE-2022-1705 golang: net/http: improper sanitization of\nTransfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy -\nomit X-Forwarded-For not working\n\nBug fixes:\n\n* assisted-service repo pin-latest.py script should allow custom tags to be\npinned (BZ# 2065661)\n\n* assisted-service-build image is too big in size (BZ# 2066059)\n\n* assisted-service pin-latest.py script should exclude the postgres image\n(BZ# 2076901)\n\n* PXE artifacts need to be served via HTTP (BZ# 2078531)\n\n* Implementing new service-agent protocol on agent side (BZ# 2081281)\n\n* RHACM 2.6.0 images (BZ# 2090906)\n\n* Assisted service POD keeps crashing after a bare metal host is created\n(BZ# 2093503)\n\n* Assisted service triggers the worker nodes re-provisioning on the hub\ncluster when the converged flow is enabled (BZ# 2096106)\n\n* Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)\n\n* Nodes are required to have installation disks of at least 120GB instead\nof at minimum of 100GB (BZ# 2099277)\n\n* The pre-selected search keyword is not readable (BZ# 2107736)\n\n* The value of label expressions in the new placement for policy and\npolicysets cannot be shown real-time from UI (BZ# 2111843)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned\n2066059 - assisted-service-build image is too big in size\n2076901 - assisted-service pin-latest.py script should exclude the postgres image\n2078531 - iPXE artifacts need to be served via HTTP\n2081281 - Implementing new service-agent protocol on agent side\n2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors\n2090906 - RHACM 2.6.0 images\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2093503 - Assisted service POD keeps crashing after a bare metal host is created\n2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled\n2096445 - Assisted service POD keeps crashing after a bare metal host is created\n2096460 - Spoke BMH stuck \"inspecting\" when deployed via the converged workflow\n2097696 - Fix assisted CI jobs that fail for cluster-info readiness\n2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB\n2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart\n2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow\n2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2105339 - Search Application button on the Application Table for Subscription applications does not Redirect\n2105357 - [UI] hypershift cluster creation error - n[0] is undefined\n2106347 - Submariner error looking up service account submariner-operator/submariner-addon-sa\n2106882 - Security Context Restrictions are restricting creation of some pods which affects the deployment of some applications\n2107049 - The clusterrole for global clusterset did not created by default\n2107065 - governance-policy-framework in CrashLoopBackOff state on spoke cluster: Failed to start manager {\"error\": \"error listening on :8081: listen tcp :8081: bind: address already in use\"}\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107370 - Helm Release resource recreation feature does not work with the local cluster\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108888 - Hypershift on AWS - control plane not running\n2109370 - The button to create the cluster is not visible\n2111203 - Add ocp 4.11 to filters for discovering clusters in ACM 2.6\n2111218 - Create cluster - Infrastructure page crashes\n2111651 - \"View application\" button on app table for Flux applications redirects to apiVersion=ocp instead of flux\n2111663 - Hosted cluster in Pending import state\n2111671 - Leaked namespaces after deleting hypershift deployment\n2111770 - [ACM 2.6] there is no node info for remote cluster in multiple hubs\n2111843 - The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI\n2112180 - The policy page is crashed after input keywords in the search box\n2112281 - config-policy-controller pod can\u0027t startup in the OCP3.11 managed cluster\n2112318 - Can\u0027t delete the objects which are re-created by policy when deleting the policy\n2112321 - BMAC reconcile loop never stops after changes\n2112426 - No cluster discovered due to x509: certificate signed by unknown authority\n2112478 - Value of delayAfterRunSeconds is not shown on the final submit panel and the word itself should not be wrapped. \n2112793 - Can\u0027t view details of the policy template when set the spec.pruneObjectBehavior as unsupported value\n2112803 - ClusterServiceVersion for release 2.6 branch references \"latest\" tag\n2113787 - [ACM 2.6] can not delete namespaces after detaching the hosted cluster\n2113838 - the cluster proxy-agent was deployed on the non-infra nodes\n2113842 - [ACM 2.6] must restart hosting cluster registration pod if update work-manager-addon cr to change installNamespace\n2114982 - Control plane type shows \u0027Standalone\u0027 for hypershift cluster\n2115622 - Hub fromsecret function doesn\u0027t work for hosted mode in multiple hub\n2115723 - Can\u0027t view details of the policy template for customer and hypershift cluster in hosted mode from UI\n2115993 - Policy automation details panel was not updated after editing the mode back to disabled\n2116211 - Count of violations with unknown status was not accurate when managed clusters have mixed status\n2116329 - cluster-proxy-agent not startup due to the imagepullbackoff on spoke cluster\n2117113 - The proxy-server-host was not correct in cluster-proxy-agent\n2117187 - pruneObjectBehavior radio selection cannot work well and always switch the first one template in multiple configurationPolicy templates\n2117480 - [ACM 2.6] infra-id of HypershiftDeployment doesn\u0027t work\n2118338 - Report the \"namespace not found\" error after clicked view yaml link of a policy in the multiple hub env\n2119326 - Can\u0027t view details of the SecurityContextConstraints policy for managed clusters from UI\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node\n\n6. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. \n\nThe sha values for the release are\n\n(For x86_64 architecture)\nThe image digest is\nsha256:c6771b12bd873c0e3e5fbc7afa600d92079de6534dcb52f09cb1d22ee49608a9\n\n(For s390x architecture)\nThe image digest is\nsha256:622b5361f95d1d512ea84f363ac06155cbb9ee28e85ccaae1acd80b98b660fa8\n\n(For ppc64le architecture)\nThe image digest is\nsha256:50c131cf85dfb00f258af350a46b85eff8fb8084d3e1617520cd69b59caeaff7\n\n(For aarch64 architecture)\nThe image digest is\nsha256:9e575c4ece9caaf31acbef246ccad71959cd5bf634e7cb284b0849ddfa205ad7\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection\n\n5. JIRA issues fixed (https://issues.redhat.com/):\n\nOCPBUGS-15446 - (release-4.11) gather \"gateway-mode-config\" config map from \"openshift-network-operator\" namespace\nOCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading \u0027apiGroup\u0027)\nOCPBUGS-15645 - Can\u0027t use git lfs in BuildConfig git source with strategy Docker\nOCPBUGS-15739 - Environment cannot find Python\nOCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions\nOCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get \"https://registry.centos.org/v2/\": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host\nOCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1927"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1927",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168150",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168112",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168287",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168222",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167944",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168139",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169443",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169435",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168022",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168213",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4253",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-423615",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170179",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173605",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"id": "VAR-202205-1990",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T19:42:03.324000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.1,
"url": "https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.1,
"url": "https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29526"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0670"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24773"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0759"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0759"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32148"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3787"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0924"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0908"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26373"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-20368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-39399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29581"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2078"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21499"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21626"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28390"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1355"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0215"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1281"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://registry.centos.org/v2/\":"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42010"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-32233"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-24329"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2023:4052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-29T00:00:00",
"db": "VULHUB",
"id": "VHN-423615"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"date": "2022-08-25T15:22:18",
"db": "PACKETSTORM",
"id": "168150"
},
{
"date": "2022-09-01T16:33:07",
"db": "PACKETSTORM",
"id": "168222"
},
{
"date": "2022-08-19T15:03:34",
"db": "PACKETSTORM",
"id": "168112"
},
{
"date": "2022-09-07T16:57:47",
"db": "PACKETSTORM",
"id": "168284"
},
{
"date": "2023-01-26T15:29:09",
"db": "PACKETSTORM",
"id": "170741"
},
{
"date": "2022-09-07T17:07:14",
"db": "PACKETSTORM",
"id": "168287"
},
{
"date": "2022-12-09T14:52:40",
"db": "PACKETSTORM",
"id": "170179"
},
{
"date": "2023-07-19T15:37:11",
"db": "PACKETSTORM",
"id": "173605"
},
{
"date": "2022-05-29T14:15:08.047000",
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-423615"
},
{
"date": "2023-08-21T05:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"date": "2024-11-21T06:41:46.120000",
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "173605"
}
],
"trust": 0.1
}
}
var-202206-0761
Vulnerability from variot
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-6557-1 December 14, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725)
It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)
It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886)
It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000)
It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042)
It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231)
It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)
It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237)
It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: vim 2:9.0.1672-1ubuntu2.2 vim-athena 2:9.0.1672-1ubuntu2.2 vim-gtk3 2:9.0.1672-1ubuntu2.2 vim-nox 2:9.0.1672-1ubuntu2.2 vim-tiny 2:9.0.1672-1ubuntu2.2 xxd 2:9.0.1672-1ubuntu2.2
Ubuntu 23.04: vim 2:9.0.1000-4ubuntu3.3 vim-athena 2:9.0.1000-4ubuntu3.3 vim-gtk3 2:9.0.1000-4ubuntu3.3 vim-nox 2:9.0.1000-4ubuntu3.3 vim-tiny 2:9.0.1000-4ubuntu3.3 xxd 2:9.0.1000-4ubuntu3.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.15 vim-athena 2:8.2.3995-1ubuntu2.15 vim-gtk 2:8.2.3995-1ubuntu2.15 vim-gtk3 2:8.2.3995-1ubuntu2.15 vim-nox 2:8.2.3995-1ubuntu2.15 vim-tiny 2:8.2.3995-1ubuntu2.15 xxd 2:8.2.3995-1ubuntu2.15
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.21 vim-athena 2:8.1.2269-1ubuntu5.21 vim-gtk 2:8.1.2269-1ubuntu5.21 vim-gtk3 2:8.1.2269-1ubuntu5.21 vim-nox 2:8.1.2269-1ubuntu5.21 vim-tiny 2:8.1.2269-1ubuntu5.21 xxd 2:8.1.2269-1ubuntu5.21
Ubuntu 18.04 LTS (Available with Ubuntu Pro): vim 2:8.0.1453-1ubuntu1.13+esm7 vim-athena 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk3 2:8.0.1453-1ubuntu1.13+esm7 vim-nox 2:8.0.1453-1ubuntu1.13+esm7 vim-tiny 2:8.0.1453-1ubuntu1.13+esm7 xxd 2:8.0.1453-1ubuntu1.13+esm7
Ubuntu 16.04 LTS (Available with Ubuntu Pro): vim 2:7.4.1689-3ubuntu1.5+esm22 vim-athena 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm22 vim-nox 2:7.4.1689-3ubuntu1.5+esm22 vim-tiny 2:7.4.1689-3ubuntu1.5+esm22
Ubuntu 14.04 LTS (Available with Ubuntu Pro): vim 2:7.4.052-1ubuntu3.1+esm15 vim-athena 2:7.4.052-1ubuntu3.1+esm15 vim-gtk 2:7.4.052-1ubuntu3.1+esm15 vim-nox 2:7.4.052-1ubuntu3.1+esm15 vim-tiny 2:7.4.052-1ubuntu3.1+esm15
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0761",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5063"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "176249"
}
],
"trust": 0.2
},
"cve": "CVE-2022-2000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-2000",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-424304",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2000",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2000",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2000",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-2000",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2000",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-947",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-424304",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-2000",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-6557-1\nDecember 14, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 23.04\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 14.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to dereference invalid memory. An\nattacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1725)\n\nIt was discovered that Vim could be made to recurse infinitely. An\nattacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)\n\nIt was discovered that Vim could be made to write out of bounds with a put\ncommand. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-1886)\n\nIt was discovered that Vim could be made to write out of bounds. An\nattacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu\n18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897,\nCVE-2022-2000)\n\nIt was discovered that Vim did not properly manage memory in the spell\ncommand. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-2042)\n\nIt was discovered that Vim did not properly manage memory. An attacker\ncould possibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2023-46246, CVE-2023-48231)\n\nIt was discovered that Vim could be made to divide by zero. An attacker\ncould possibly use this issue to cause a denial of service. This issue\nonly affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)\n\nIt was discovered that Vim contained multiple arithmetic overflows. An\nattacker could possibly use these issues to cause a denial of service. \n(CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236,\nCVE-2023-48237)\n\nIt was discovered that Vim did not properly manage memory in the\nsubstitute command. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n vim 2:9.0.1672-1ubuntu2.2\n vim-athena 2:9.0.1672-1ubuntu2.2\n vim-gtk3 2:9.0.1672-1ubuntu2.2\n vim-nox 2:9.0.1672-1ubuntu2.2\n vim-tiny 2:9.0.1672-1ubuntu2.2\n xxd 2:9.0.1672-1ubuntu2.2\n\nUbuntu 23.04:\n vim 2:9.0.1000-4ubuntu3.3\n vim-athena 2:9.0.1000-4ubuntu3.3\n vim-gtk3 2:9.0.1000-4ubuntu3.3\n vim-nox 2:9.0.1000-4ubuntu3.3\n vim-tiny 2:9.0.1000-4ubuntu3.3\n xxd 2:9.0.1000-4ubuntu3.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.15\n vim-athena 2:8.2.3995-1ubuntu2.15\n vim-gtk 2:8.2.3995-1ubuntu2.15\n vim-gtk3 2:8.2.3995-1ubuntu2.15\n vim-nox 2:8.2.3995-1ubuntu2.15\n vim-tiny 2:8.2.3995-1ubuntu2.15\n xxd 2:8.2.3995-1ubuntu2.15\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.21\n vim-athena 2:8.1.2269-1ubuntu5.21\n vim-gtk 2:8.1.2269-1ubuntu5.21\n vim-gtk3 2:8.1.2269-1ubuntu5.21\n vim-nox 2:8.1.2269-1ubuntu5.21\n vim-tiny 2:8.1.2269-1ubuntu5.21\n xxd 2:8.1.2269-1ubuntu5.21\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n vim 2:8.0.1453-1ubuntu1.13+esm7\n vim-athena 2:8.0.1453-1ubuntu1.13+esm7\n vim-gtk 2:8.0.1453-1ubuntu1.13+esm7\n vim-gtk3 2:8.0.1453-1ubuntu1.13+esm7\n vim-nox 2:8.0.1453-1ubuntu1.13+esm7\n vim-tiny 2:8.0.1453-1ubuntu1.13+esm7\n xxd 2:8.0.1453-1ubuntu1.13+esm7\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n vim 2:7.4.1689-3ubuntu1.5+esm22\n vim-athena 2:7.4.1689-3ubuntu1.5+esm22\n vim-gtk 2:7.4.1689-3ubuntu1.5+esm22\n vim-gtk3 2:7.4.1689-3ubuntu1.5+esm22\n vim-nox 2:7.4.1689-3ubuntu1.5+esm22\n vim-tiny 2:7.4.1689-3ubuntu1.5+esm22\n\nUbuntu 14.04 LTS (Available with Ubuntu Pro):\n vim 2:7.4.052-1ubuntu3.1+esm15\n vim-athena 2:7.4.052-1ubuntu3.1+esm15\n vim-gtk 2:7.4.052-1ubuntu3.1+esm15\n vim-nox 2:7.4.052-1ubuntu3.1+esm15\n vim-tiny 2:7.4.052-1ubuntu3.1+esm15\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-424304",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2000",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167749",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071351",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-424304",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2000",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176249",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"id": "VAR-202206-0761",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:47:11.521000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=196479"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2000"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4jjnus4aevysejmck6jzb57qhd5v2g4o/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4jjnus4aevysejmck6jzb57qhd5v2g4o/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167749/ubuntu-security-notice-usn-5516-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-parse-cmd-address-38615"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071351"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2000/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3431"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015984"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5516-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6557-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48237"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.15"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48232"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-424304"
},
{
"date": "2022-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"date": "2022-07-14T14:34:34",
"db": "PACKETSTORM",
"id": "167749"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2023-12-15T15:15:14",
"db": "PACKETSTORM",
"id": "176249"
},
{
"date": "2022-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"date": "2022-06-09T16:15:08.513000",
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-424304"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"date": "2023-08-21T07:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"date": "2024-11-21T07:00:08.973000",
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
}
],
"trust": 0.6
}
}
var-202201-0356
Vulnerability from variot
vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Vim is an editor based on the UNIX platform. It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156)
It was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the compile_get_env() function. A file could use that flaw to disclose 1 byte of vim's internal memory. (CVE-2022-0158)
A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0213)
A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an malicious user to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)
A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)
A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)
A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. ========================================================================== Ubuntu Security Notice USN-6195-1 July 03, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0128)
It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0158)
It was discovered that Vim did not properly manage memory when recording and using select mode. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0393)
It was discovered that Vim incorrectly handled certain memory operations during a visual block yank. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0407)
It was discovered that Vim contained a NULL pointer dereference vulnerability when switching tabpages. An attacker could possible use this issue to cause a denial of service. (CVE-2022-0696)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.9 vim-athena 2:8.2.3995-1ubuntu2.9 vim-gtk3 2:8.2.3995-1ubuntu2.9 vim-nox 2:8.2.3995-1ubuntu2.9 vim-tiny 2:8.2.3995-1ubuntu2.9 xxd 2:8.2.3995-1ubuntu2.9
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0356",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4040"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167788"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0156",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0156",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-411554",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0156",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0156",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-0156",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0156",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0156",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0156",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-667",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-411554",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0156",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Vim is an editor based on the UNIX platform. It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156)\nIt was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` function. A file could use that flaw to disclose 1 byte of vim\u0027s internal memory. (CVE-2022-0158)\nA flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0213)\nA heap based out-of-bounds write flaw was found in vim\u0027s ops.c. This flaw allows an malicious user to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)\nA flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)\nA flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. ==========================================================================\nUbuntu Security Notice USN-6195-1\nJuly 03, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim contained an out-of-bounds read vulnerability. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0128)\n\nIt was discovered that Vim did not properly manage memory when freeing\nallocated memory. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. (CVE-2022-0158)\n\nIt was discovered that Vim did not properly manage memory when recording\nand using select mode. An attacker could possibly use this issue to cause\na denial of service. (CVE-2022-0393)\n\nIt was discovered that Vim incorrectly handled certain memory operations\nduring a visual block yank. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. (CVE-2022-0407)\n\nIt was discovered that Vim contained a NULL pointer dereference\nvulnerability when switching tabpages. An attacker could possible use this\nissue to cause a denial of service. (CVE-2022-0696)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.9\n vim-athena 2:8.2.3995-1ubuntu2.9\n vim-gtk3 2:8.2.3995-1ubuntu2.9\n vim-nox 2:8.2.3995-1ubuntu2.9\n vim-tiny 2:8.2.3995-1ubuntu2.9\n xxd 2:8.2.3995-1ubuntu2.9\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0156",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167788",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072102",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022220",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3560",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3782",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-03942",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411554",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0156",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"id": "VAR-202201-0356",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:29:23.948000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213183 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=177699"
},
{
"title": "Red Hat: CVE-2022-0156",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0156"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1567",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1567"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1751",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1751"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Big Sur 11.6.8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=46307825e8223bef6aa99c76dff503a5"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213344"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/13"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hd5s2fc2hf22a7xqxk2xxir46earvwim/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hd5s2fc2hf22a7xqxk2xxir46earvwim/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072102"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022220"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167788/apple-security-advisory-2022-07-20-3.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213344"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3560"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-vim-vsnprintf-typval-37249"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3782"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1567.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32812"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213344."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0696"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6195-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411554"
},
{
"date": "2022-01-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"date": "2023-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:29",
"db": "PACKETSTORM",
"id": "167788"
},
{
"date": "2023-07-04T01:10:12",
"db": "PACKETSTORM",
"id": "173275"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"date": "2022-01-10T16:15:09.733000",
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-411554"
},
{
"date": "2022-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"date": "2023-01-31T02:48:00",
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"date": "2024-11-21T06:38:01.293000",
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
}
],
"trust": 0.6
}
}
var-202201-0040
Vulnerability from variot
vim is vulnerable to Out-of-bounds Read. vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. A file could use that flaw to disclose 1 byte of vim's internal memory. (CVE-2022-0158). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6195-1 July 03, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim contained an out-of-bounds read vulnerability. (CVE-2022-0128)
It was discovered that Vim did not properly manage memory when freeing allocated memory. (CVE-2022-0156)
It was discovered that Vim contained a heap-based buffer overflow vulnerability. (CVE-2022-0158)
It was discovered that Vim did not properly manage memory when recording and using select mode. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0393)
It was discovered that Vim incorrectly handled certain memory operations during a visual block yank. (CVE-2022-0407)
It was discovered that Vim contained a NULL pointer dereference vulnerability when switching tabpages. An attacker could possible use this issue to cause a denial of service. (CVE-2022-0696)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.9 vim-athena 2:8.2.3995-1ubuntu2.9 vim-gtk3 2:8.2.3995-1ubuntu2.9 vim-nox 2:8.2.3995-1ubuntu2.9 vim-tiny 2:8.2.3995-1ubuntu2.9 xxd 2:8.2.3995-1ubuntu2.9
In general, a standard system update will make all the necessary changes. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4009"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"db": "NVD",
"id": "CVE-2022-0128"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 0.3
},
"cve": "CVE-2022-0128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0128",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-411340",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0128",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0128",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0128",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0128",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0128",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0128",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-447",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-411340",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0128",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411340"
},
{
"db": "VULMON",
"id": "CVE-2022-0128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-447"
},
{
"db": "NVD",
"id": "CVE-2022-0128"
},
{
"db": "NVD",
"id": "CVE-2022-0128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Out-of-bounds Read. vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process\u0027s internal memory. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. A file could use that flaw to disclose 1 byte of vim\u0027s internal memory. (CVE-2022-0158). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6195-1\nJuly 03, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim contained an out-of-bounds read vulnerability. (CVE-2022-0128)\n\nIt was discovered that Vim did not properly manage memory when freeing\nallocated memory. (CVE-2022-0156)\n\nIt was discovered that Vim contained a heap-based buffer overflow\nvulnerability. (CVE-2022-0158)\n\nIt was discovered that Vim did not properly manage memory when recording\nand using select mode. An attacker could possibly use this issue to cause\na denial of service. (CVE-2022-0393)\n\nIt was discovered that Vim incorrectly handled certain memory operations\nduring a visual block yank. (CVE-2022-0407)\n\nIt was discovered that Vim contained a NULL pointer dereference\nvulnerability when switching tabpages. An attacker could possible use this\nissue to cause a denial of service. (CVE-2022-0696)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.9\n vim-athena 2:8.2.3995-1ubuntu2.9\n vim-gtk3 2:8.2.3995-1ubuntu2.9\n vim-nox 2:8.2.3995-1ubuntu2.9\n vim-tiny 2:8.2.3995-1ubuntu2.9\n xxd 2:8.2.3995-1ubuntu2.9\n\nIn general, a standard system update will make all the necessary changes. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"db": "VULHUB",
"id": "VHN-411340"
},
{
"db": "VULMON",
"id": "CVE-2022-0128"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-411340",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411340"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0128",
"trust": 3.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002875",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-447",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.2412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3561",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3782",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072103",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-03900",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411340",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0128",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411340"
},
{
"db": "VULMON",
"id": "CVE-2022-0128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-447"
},
{
"db": "NVD",
"id": "CVE-2022-0128"
}
]
},
"id": "VAR-202201-0040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411340"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:36:42.814000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213256 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=177661"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-447"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411340"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"db": "NVD",
"id": "CVE-2022-0128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3782"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-find-ex-command-37455"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2022/alas-2022-014.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0696"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6195-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411340"
},
{
"db": "VULMON",
"id": "CVE-2022-0128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-447"
},
{
"db": "NVD",
"id": "CVE-2022-0128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411340"
},
{
"db": "VULMON",
"id": "CVE-2022-0128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-447"
},
{
"db": "NVD",
"id": "CVE-2022-0128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-411340"
},
{
"date": "2022-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0128"
},
{
"date": "2023-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-07-04T01:10:12",
"db": "PACKETSTORM",
"id": "173275"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2022-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-447"
},
{
"date": "2022-01-06T17:15:07.883000",
"db": "NVD",
"id": "CVE-2022-0128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-411340"
},
{
"date": "2022-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0128"
},
{
"date": "2023-01-19T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2022-002875"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-447"
},
{
"date": "2024-11-21T06:37:57.607000",
"db": "NVD",
"id": "CVE-2022-0128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-447"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002875"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-447"
}
],
"trust": 0.6
}
}
var-202205-0527
Vulnerability from variot
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0527",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4901"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.3
},
"cve": "CVE-2022-1620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-1620",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-419733",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-1620",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1620",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1620",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1620",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1620",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1620",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2617",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419733",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1620",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1620",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050911",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419733",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1620",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"id": "VAR-202205-0527",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:50:35.034000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NULL\u00a0pointer\u00a0access\u00a0when\u00a0using\u00a0invalid\u00a0pattern Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/"
},
{
"title": "Vim Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193100"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1620"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5460-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5460-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1620"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050911"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-null-pointer-dereference-via-vim-regexec-string-38311"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1620/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-419733"
},
{
"date": "2022-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"date": "2022-05-08T11:15:07.880000",
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-419733"
},
{
"date": "2022-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"date": "2023-08-16T01:01:00",
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"date": "2024-11-21T06:41:06.593000",
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
}
],
"trust": 0.6
}
}
var-202201-0416
Vulnerability from variot
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0416",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4217"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"db": "NVD",
"id": "CVE-2022-0368"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 0.3
},
"cve": "CVE-2022-0368",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0368",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-413368",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0368",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0368",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0368",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0368",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0368",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0368",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2480",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-413368",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0368",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413368"
},
{
"db": "VULMON",
"id": "CVE-2022-0368"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2480"
},
{
"db": "NVD",
"id": "CVE-2022-0368"
},
{
"db": "NVD",
"id": "CVE-2022-0368"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0368"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"db": "VULHUB",
"id": "VHN-413368"
},
{
"db": "VULMON",
"id": "CVE-2022-0368"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-413368",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413368"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0368",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004365",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2480",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022060217",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-413368",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0368",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413368"
},
{
"db": "VULMON",
"id": "CVE-2022-0368"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2480"
},
{
"db": "NVD",
"id": "CVE-2022-0368"
}
]
},
"id": "VAR-202201-0416",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413368"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:03:46.843000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183814"
},
{
"title": "Red Hat: CVE-2022-0368",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0368"
},
{
"title": "Ubuntu Security Notice: USN-5458-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5458-1"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-023",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-023"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-0368 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0368"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2480"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413368"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"db": "NVD",
"id": "CVE-2022-0368"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0368"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060217"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-src-undo-c-37782"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5458-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413368"
},
{
"db": "VULMON",
"id": "CVE-2022-0368"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2480"
},
{
"db": "NVD",
"id": "CVE-2022-0368"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413368"
},
{
"db": "VULMON",
"id": "CVE-2022-0368"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2480"
},
{
"db": "NVD",
"id": "CVE-2022-0368"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-413368"
},
{
"date": "2022-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0368"
},
{
"date": "2023-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2480"
},
{
"date": "2022-01-26T18:15:08.077000",
"db": "NVD",
"id": "CVE-2022-0368"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-413368"
},
{
"date": "2022-11-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0368"
},
{
"date": "2023-04-10T05:38:00",
"db": "JVNDB",
"id": "JVNDB-2022-004365"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2480"
},
{
"date": "2024-11-21T06:38:28.443000",
"db": "NVD",
"id": "CVE-2022-0368"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2480"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004365"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2480"
}
],
"trust": 0.6
}
}
var-202112-2424
Vulnerability from variot
vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a resource management error vulnerability in vim. There is no more information about this vulnerability so far. Please keep an eye on CNNVD or manufacturer announcements. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3902"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 0.3
},
"cve": "CVE-2021-4173",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4173",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-408729",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4173",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.3,
"id": "CVE-2021-4173",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-4173",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4173",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4173",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-4173",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2617",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408729",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-4173",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a resource management error vulnerability in vim. There is no more information about this vulnerability so far. Please keep an eye on CNNVD or manufacturer announcements. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)\nA flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)\nA flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\nA flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\nA flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)\nA flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process\u0027s internal memory. (CVE-2021-4193)\nReferences to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory\u0027s initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-408729",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4173",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022051702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072103",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3561",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05064",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408729",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"id": "VAR-202112-2424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:28:51.040000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213256 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176548"
},
{
"title": "Red Hat: CVE-2021-4173",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-4173"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1557",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1743",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-4173"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-nested-def-function-37184"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1557.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-408729"
},
{
"date": "2021-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"date": "2023-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2021-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"date": "2021-12-27T13:15:07.653000",
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-408729"
},
{
"date": "2022-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"date": "2023-01-17T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"date": "2022-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"date": "2024-11-21T06:37:04.030000",
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
}
],
"trust": 0.6
}
}
var-202205-0524
Vulnerability from variot
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0524",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4899"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.3
},
"cve": "CVE-2022-1619",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1619",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-419732",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1619",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1619",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1619",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1619",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1619",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1619",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2618",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419732",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1619",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1619",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050910",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419732",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1619",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"id": "VAR-202205-0524",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:15:54.055000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193101"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1619"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5460-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5460-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220930-0007/"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1619"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1619/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050910"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2405"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-cmdline-erase-chars-38310"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-419732"
},
{
"date": "2022-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"date": "2022-05-08T10:15:07.940000",
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-419732"
},
{
"date": "2022-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"date": "2023-08-16T01:08:00",
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"date": "2024-11-21T06:41:06.413000",
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
}
],
"trust": 0.6
}
}
var-202112-2539
Vulnerability from variot
vim is vulnerable to Out-of-bounds Read. SourceCoster Online Covid Vaccination Scheduler System is an application system of SourceCoster company. Effectively manage COVID-19 vaccinations with reliable vaccine planning and cohort management solutions. There is a cross-site scripting vulnerability in Sourcecodester Online Covid vaccine Scheduler Systemv1. The vulnerability stems from the lack of escaping or filtering of user data in the lid parameter of the software. (CVE-2022-0319). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update Advisory ID: RHSA-2022:0445-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0445 Issue date: 2022-02-07 CVE Names: CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 CVE-2021-4019 CVE-2021-4104 CVE-2021-4122 CVE-2021-4192 CVE-2021-4193 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 =====================================================================
- Summary:
A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJ9, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
Security Fix(es):
-
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
-
log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
-
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
-
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image, Follow these steps to pull in the content:
- On your master hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global "openshift" project. For example:
$ oc login -u system:admin
- Update the core set of Red Hat Single Sign-On resources for OpenShift in the "openshift" project by running the following commands:
$ for resource in sso74-image-stream.json \ sso74-https.json \ sso74-mysql.json \ sso74-mysql-persistent.json \ sso74-postgresql.json \ sso74-postgresql-persistent.json \ sso74-x509-https.json \ sso74-x509-mysql-persistent.json \ sso74-x509-postgresql-persistent.json do oc replace -n openshift --force -f \ https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.GA/templates/${resource} done
- Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the "openshift" project by running the following commands:
$ oc -n openshift import-image redhat-sso74-openshift:1.0
- Bugs fixed (https://bugzilla.redhat.com/):
2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer
- JIRA issues fixed (https://issues.jboss.org/):
CIAM-2059 - [log4j 1.x] test OCP image for ibm p/z
- References:
https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3872 https://access.redhat.com/security/cve/CVE-2021-3984 https://access.redhat.com/security/cve/CVE-2021-4019 https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-4122 https://access.redhat.com/security/cve/CVE-2021-4192 https://access.redhat.com/security/cve/CVE-2021-4193 https://access.redhat.com/security/cve/CVE-2022-21248 https://access.redhat.com/security/cve/CVE-2022-21282 https://access.redhat.com/security/cve/CVE-2022-21283 https://access.redhat.com/security/cve/CVE-2022-21293 https://access.redhat.com/security/cve/CVE-2022-21294 https://access.redhat.com/security/cve/CVE-2022-21296 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21305 https://access.redhat.com/security/cve/CVE-2022-21340 https://access.redhat.com/security/cve/CVE-2022-21341 https://access.redhat.com/security/cve/CVE-2022-21360 https://access.redhat.com/security/cve/CVE-2022-21365 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security updates:
-
object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
Related bugs:
-
RHACM 2.2.11 images (Bugzilla #2029508)
-
ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla
2030859)
- Bugs fixed (https://bugzilla.redhat.com/):
1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2029508 - RHACM 2.2.11 images 2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina
Security Update 2022-005 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213343.
APFS Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Calendar Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
Calendar Available for: macOS Catalina Impact: An app may be able to access user-sensitive data Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
CoreText Available for: macOS Catalina Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
FaceTime Available for: macOS Catalina Impact: An app with root privileges may be able to access private information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing
File System Events Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
ICU Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Catalina Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Kernel Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32815: Xinru Chi of Pangu Lab CVE-2022-32813: Xinru Chi of Pangu Lab
libxml2 Available for: macOS Catalina Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Catalina Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Catalina Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Catalina Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Catalina Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Catalina Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: A validation issue in the handling of symlinks was addressed with improved validation of symlinks. CVE-2022-26704: Joshua Mason of Mandiant
TCC Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Vim Available for: macOS Catalina Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128
Wi-Fi Available for: macOS Catalina Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Security Update 2022-005 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuQACgkQeC9qKD1p rhiuNw//V3lvbuk3ZcN4l2+dumbidEYnYD+qrrm+V332BNA9zqn9Uyoy1l9mXY32 qA/UfHpnuZj5F2qjBNinkpV9VlwMZUIZmWfLBrVz3+cF1wrF6RZVFmz05sVsWTCC zB7H9eCPQr/afrTgjf2evIsaCZaqveOP7ZVFV3dOEOpzp/hMUYFWF69mEbYfl2Z1 PlB3bkZPys4fZ3nCq70egWotGl7V4M/9aqGBDQZzAwmcsepeppBaCP1MnDiDiWqA 6m2jVNDDTP/CasfPt1k3jR3aKf7f+ySZozQLyUyMhRpTLnZ1fpEtD5jjwK/hprKW g00gdTOBl7aGAxbKL3xlsxXRGzhzy9n2RVN4duhRKEbDKDShCfRFmCxXGxAGJB7J 96TqA/wy1s7gnlxNzUfJewJMopr3AU4ffhdyOgKV1Is7eRwAhKYlh3K5T6C28Uuj 8TXAqY2qwMqs+jIqe3dGEuPBj83tQMD0xukIhzGtuxwoziiPyzSfrgUHvSK8vBYN NGGfLdHn8ailAYpnFeRxhImxclr59QddI8uzS/G6O9CLJY0jUh3tjCNC3fjIjS6F lD3+P/J/Hf5HFvpvNyw6aJVVYIcGFOQi+RmhVGysMHuGIz4aqc9rTdvbAKdeKpyK 8p0C6S1/sV+pu7morGBm9aSm/rRyDZSVWSA2l/3fRA9mJmrL8Ao= =fcrb -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5458-1 June 02, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm5
In general, a standard system update will make all the necessary changes. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
-
vim: heap-based buffer overflow in win_redr_status() in drawscreen.c (CVE-2021-3872)
-
vim: illegal memory access in find_start_brace() in cindent.c when C-indenting (CVE-2021-3984)
-
vim: heap-based buffer overflow in find_help_tags() in help.c (CVE-2021-4019)
-
vim: use-after-free in win_linetabsize() (CVE-2021-4192)
-
vim: out-of-bound read in getvcol() (CVE-2021-4193)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2016056 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() in drawscreen.c 2028122 - CVE-2021-3984 vim: illegal memory access in find_start_brace() in cindent.c when C-indenting 2028212 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in help.c 2039685 - CVE-2021-4192 vim: use-after-free in win_linetabsize() 2039687 - CVE-2021-4193 vim: out-of-bound read in getvcol()
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.3.6 General Availability release images, which provide security updates and bug fixes. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.6 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security updates:
-
Nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
-
Nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
Follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
Bug fixes:
-
Inform ACM policy is not checking properly the node fields (BZ# 2015588)
-
ImagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image (BZ# 2021128)
-
Traceback blocks reconciliation of helm repository hosted on AWS S3 storage (BZ# 2021576)
-
RHACM 2.3.6 images (BZ# 2029507)
-
Console UI enabled SNO UI Options not displayed during cluster creating (BZ# 2030002)
-
Grc pod restarts for each new GET request to the Governance Policy Page (BZ# 2037351)
-
Clustersets do not appear in UI (BZ# 2049810)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2015588 - Inform ACM policy is not checking properly the node fields 2021128 - imagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image 2021576 - traceback blocks reconciliation of helm repository hosted on AWS S3 storage 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2029507 - RHACM 2.3.6 images 2030002 - Console UI enabled SNO UI Options not displayed during cluster creating 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2037351 - grc pod restarts for each new GET request to the Governance Policy Page 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2049810 - Clustersets do not appear in UI 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2539",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3950"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4193"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165902"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "166204"
}
],
"trust": 0.4
},
"cve": "CVE-2021-4193",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4193",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-410614",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4193",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4193",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4193",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4193",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-410614",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-4193",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410614"
},
{
"db": "VULMON",
"id": "CVE-2021-4193"
},
{
"db": "NVD",
"id": "CVE-2021-4193"
},
{
"db": "NVD",
"id": "CVE-2021-4193"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Out-of-bounds Read. SourceCoster Online Covid Vaccination Scheduler System is an application system of SourceCoster company. Effectively manage COVID-19 vaccinations with reliable vaccine planning and cohort management solutions. There is a cross-site scripting vulnerability in Sourcecodester Online Covid vaccine Scheduler Systemv1. The vulnerability stems from the lack of escaping or filtering of user data in the lid parameter of the software. (CVE-2022-0319). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update\nAdvisory ID: RHSA-2022:0445-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0445\nIssue date: 2022-02-07\nCVE Names: CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 \n CVE-2021-4019 CVE-2021-4104 CVE-2021-4122 \n CVE-2021-4192 CVE-2021-4193 CVE-2022-21248 \n CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 \n CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 \n CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 \n CVE-2022-21360 CVE-2022-21365 CVE-2022-23302 \n CVE-2022-23305 CVE-2022-23307 \n=====================================================================\n\n1. Summary:\n\nA new image is available for Red Hat Single Sign-On 7.4.10 on OpenJ9,\nrunning on OpenShift Container Platform 3.10 and 3.11, and 4.3. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. \n\nThis erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use\nwithin the OpenShift Container Platform 3.10, OpenShift Container Platform\n3.11, and within the OpenShift Container Platform 4.3 cloud computing\nPlatform-as-a-Service (PaaS) for on-premise or private cloud deployments,\naligning with the standalone product release. \n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use\nJDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer\n(CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSAppender (CVE-2021-4104)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image,\nFollow these steps to pull in the content:\n\n1. On your master hosts, ensure you are logged into the CLI as a cluster\nadministrator or user with project administrator access to the global\n\"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift in\nthe \"openshift\" project by running the following commands:\n\n$ for resource in sso74-image-stream.json \\\nsso74-https.json \\\nsso74-mysql.json \\\nsso74-mysql-persistent.json \\\nsso74-postgresql.json \\\nsso74-postgresql-persistent.json \\\nsso74-x509-https.json \\\nsso74-x509-mysql-persistent.json \\\nsso74-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso74-openshift:1.0\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nCIAM-2059 - [log4j 1.x] test OCP image for ibm p/z\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3872\nhttps://access.redhat.com/security/cve/CVE-2021-3984\nhttps://access.redhat.com/security/cve/CVE-2021-4019\nhttps://access.redhat.com/security/cve/CVE-2021-4104\nhttps://access.redhat.com/security/cve/CVE-2021-4122\nhttps://access.redhat.com/security/cve/CVE-2021-4192\nhttps://access.redhat.com/security/cve/CVE-2021-4193\nhttps://access.redhat.com/security/cve/CVE-2022-21248\nhttps://access.redhat.com/security/cve/CVE-2022-21282\nhttps://access.redhat.com/security/cve/CVE-2022-21283\nhttps://access.redhat.com/security/cve/CVE-2022-21293\nhttps://access.redhat.com/security/cve/CVE-2022-21294\nhttps://access.redhat.com/security/cve/CVE-2022-21296\nhttps://access.redhat.com/security/cve/CVE-2022-21299\nhttps://access.redhat.com/security/cve/CVE-2022-21305\nhttps://access.redhat.com/security/cve/CVE-2022-21340\nhttps://access.redhat.com/security/cve/CVE-2022-21341\nhttps://access.redhat.com/security/cve/CVE-2022-21360\nhttps://access.redhat.com/security/cve/CVE-2022-21365\nhttps://access.redhat.com/security/cve/CVE-2022-23302\nhttps://access.redhat.com/security/cve/CVE-2022-23305\nhttps://access.redhat.com/security/cve/CVE-2022-23307\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity updates:\n\n* object-path: Type confusion vulnerability can lead to a bypass of\nCVE-2020-15256 (CVE-2021-23434)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\nRelated bugs: \n\n* RHACM 2.2.11 images (Bugzilla #2029508)\n\n* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla\n#2030859)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256\n2029508 - RHACM 2.2.11 images\n2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina\n\nSecurity Update 2022-005 Catalina addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213343. \n\nAPFS\nAvailable for: macOS Catalina\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Catalina\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security\nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Catalina\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nCalendar\nAvailable for: macOS Catalina\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCalendar\nAvailable for: macOS Catalina\nImpact: An app may be able to access user-sensitive data\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nCoreText\nAvailable for: macOS Catalina\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFaceTime\nAvailable for: macOS Catalina\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32781: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nFile System Events\nAvailable for: macOS Catalina\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nICU\nAvailable for: macOS Catalina\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nKernel\nAvailable for: macOS Catalina\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32815: Xinru Chi of Pangu Lab\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nlibxml2\nAvailable for: macOS Catalina\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nPackageKit\nAvailable for: macOS Catalina\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Catalina\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Catalina\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Catalina\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Catalina\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Catalina\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Catalina\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Catalina\nImpact: An app may be able to gain elevated privileges\nDescription: A validation issue in the handling of symlinks was\naddressed with improved validation of symlinks. \nCVE-2022-26704: Joshua Mason of Mandiant\n\nTCC\nAvailable for: macOS Catalina\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nVim\nAvailable for: macOS Catalina\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\n\nWi-Fi\nAvailable for: macOS Catalina\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nSecurity Update 2022-005 Catalina may be obtained from the Mac App\nStore or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuQACgkQeC9qKD1p\nrhiuNw//V3lvbuk3ZcN4l2+dumbidEYnYD+qrrm+V332BNA9zqn9Uyoy1l9mXY32\nqA/UfHpnuZj5F2qjBNinkpV9VlwMZUIZmWfLBrVz3+cF1wrF6RZVFmz05sVsWTCC\nzB7H9eCPQr/afrTgjf2evIsaCZaqveOP7ZVFV3dOEOpzp/hMUYFWF69mEbYfl2Z1\nPlB3bkZPys4fZ3nCq70egWotGl7V4M/9aqGBDQZzAwmcsepeppBaCP1MnDiDiWqA\n6m2jVNDDTP/CasfPt1k3jR3aKf7f+ySZozQLyUyMhRpTLnZ1fpEtD5jjwK/hprKW\ng00gdTOBl7aGAxbKL3xlsxXRGzhzy9n2RVN4duhRKEbDKDShCfRFmCxXGxAGJB7J\n96TqA/wy1s7gnlxNzUfJewJMopr3AU4ffhdyOgKV1Is7eRwAhKYlh3K5T6C28Uuj\n8TXAqY2qwMqs+jIqe3dGEuPBj83tQMD0xukIhzGtuxwoziiPyzSfrgUHvSK8vBYN\nNGGfLdHn8ailAYpnFeRxhImxclr59QddI8uzS/G6O9CLJY0jUh3tjCNC3fjIjS6F\nlD3+P/J/Hf5HFvpvNyw6aJVVYIcGFOQi+RmhVGysMHuGIz4aqc9rTdvbAKdeKpyK\n8p0C6S1/sV+pu7morGBm9aSm/rRyDZSVWSA2l/3fRA9mJmrL8Ao=\n=fcrb\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5458-1\nJune 02, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. An\nattacker could possibly use this issue to expose sensitive\ninformation. (CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen updating windows present on a screen, which could result in a\nheap buffer overflow. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly handling window\nexchanging operations when in Visual mode, which could result in an\nout-of-bounds read. An attacker could possibly use this issue to\nexpose sensitive information. (CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when\nparsing conditional expressions. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory\nallocation when processing data in Ex mode, which could result in a\nheap buffer overflow. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. \n(CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing line operations in Visual mode, which could result in\na heap buffer overflow. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. \n(CVE-2022-0361, CVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions\nwhen looking for spell suggestions, which could result in a stack\nbuffer overflow. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access\nwhen executing buffer operations, which could result in the usage of\nfreed memory. An attacker could possibly use this issue to execute\narbitrary code. (CVE-2022-0443)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm5\n\nIn general, a standard system update will make all the necessary changes. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nVim (Vi IMproved) is an updated and improved version of the vi editor. \n\nSecurity Fix(es):\n\n* vim: heap-based buffer overflow in win_redr_status() in drawscreen.c\n(CVE-2021-3872)\n\n* vim: illegal memory access in find_start_brace() in cindent.c when\nC-indenting (CVE-2021-3984)\n\n* vim: heap-based buffer overflow in find_help_tags() in help.c\n(CVE-2021-4019)\n\n* vim: use-after-free in win_linetabsize() (CVE-2021-4192)\n\n* vim: out-of-bound read in getvcol() (CVE-2021-4193)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2016056 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() in drawscreen.c\n2028122 - CVE-2021-3984 vim: illegal memory access in find_start_brace() in cindent.c when C-indenting\n2028212 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in help.c\n2039685 - CVE-2021-4192 vim: use-after-free in win_linetabsize()\n2039687 - CVE-2021-4193 vim: out-of-bound read in getvcol()\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.6 General\nAvailability\nrelease images, which provide security updates and bug fixes. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* Nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* Nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* Follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\nBug fixes:\n\n* Inform ACM policy is not checking properly the node fields (BZ# 2015588)\n\n* ImagePullPolicy is \"Always\" for multicluster-operators-subscription-rhel8\nimage (BZ# 2021128)\n\n* Traceback blocks reconciliation of helm repository hosted on AWS S3\nstorage (BZ# 2021576)\n\n* RHACM 2.3.6 images (BZ# 2029507)\n\n* Console UI enabled SNO UI Options not displayed during cluster creating\n(BZ# 2030002)\n\n* Grc pod restarts for each new GET request to the Governance Policy Page\n(BZ# 2037351)\n\n* Clustersets do not appear in UI (BZ# 2049810)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2015588 - Inform ACM policy is not checking properly the node fields\n2021128 - imagePullPolicy is \"Always\" for multicluster-operators-subscription-rhel8 image\n2021576 - traceback blocks reconciliation of helm repository hosted on AWS S3 storage\n2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability\n2029507 - RHACM 2.3.6 images\n2030002 - Console UI enabled SNO UI Options not displayed during cluster creating\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2037351 - grc pod restarts for each new GET request to the Governance Policy Page\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2049810 - Clustersets do not appear in UI\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4193"
},
{
"db": "VULHUB",
"id": "VHN-410614"
},
{
"db": "VULMON",
"id": "CVE-2021-4193"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "165902"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "166204"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-410614",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410614"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4193",
"trust": 1.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "165813",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165902",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167368",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166204",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166199",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166179",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165930",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165917",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-09304",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-410614",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4193",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166309",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410614"
},
{
"db": "VULMON",
"id": "CVE-2021-4193"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "165902"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "166204"
},
{
"db": "NVD",
"id": "CVE-2021-4193"
}
]
},
"id": "VAR-202112-2539",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-410614"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:12:31.136000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220476 - Security Advisory"
},
{
"title": "Red Hat: Moderate: vim security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220366 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-4193",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-4193"
},
{
"title": "Red Hat: Moderate: OpenShift Logging bug fix and security update (5.3.5)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220721 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: USN-5458-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5458-1"
},
{
"title": "Red Hat: Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220595 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220445 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220444 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220735 - Security Advisory"
},
{
"title": "Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220842 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1557",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220856 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1743",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4193"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410614"
},
{
"db": "NVD",
"id": "CVE-2021-4193"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.2,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.2,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.2,
"url": "https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.2,
"url": "https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3984"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3872"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-4019"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-4192"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.2,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5458-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4122"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0185"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21294"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21282"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21248"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21294"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21299"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21360"
},
{
"trust": 0.1,
"url": "https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.ga/templates/${resource}"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21296"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23302"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21282"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21296"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25704"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20612"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25704"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-20612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-20617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36322"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410614"
},
{
"db": "VULMON",
"id": "CVE-2021-4193"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "165902"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "166204"
},
{
"db": "NVD",
"id": "CVE-2021-4193"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-410614"
},
{
"db": "VULMON",
"id": "CVE-2021-4193"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "165902"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "165813"
},
{
"db": "PACKETSTORM",
"id": "166204"
},
{
"db": "NVD",
"id": "CVE-2021-4193"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-410614"
},
{
"date": "2021-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4193"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-02-09T16:02:16",
"db": "PACKETSTORM",
"id": "165902"
},
{
"date": "2022-03-15T15:44:21",
"db": "PACKETSTORM",
"id": "166309"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2022-06-02T17:08:47",
"db": "PACKETSTORM",
"id": "167368"
},
{
"date": "2022-02-02T16:48:00",
"db": "PACKETSTORM",
"id": "165813"
},
{
"date": "2022-03-04T16:17:56",
"db": "PACKETSTORM",
"id": "166204"
},
{
"date": "2021-12-31T16:15:07.747000",
"db": "NVD",
"id": "CVE-2021-4193"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-410614"
},
{
"date": "2022-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4193"
},
{
"date": "2024-11-21T06:37:07.027000",
"db": "NVD",
"id": "CVE-2021-4193"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165902"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo Linux Security Advisory 202208-32",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution, sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "165902"
}
],
"trust": 0.1
}
}
var-202206-1427
Vulnerability from variot
Buffer Over-read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Versions prior to Vim 8.2 have a security vulnerability due to buffer out-of-bounds reads. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5723-1 November 14, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1674)
It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size changed. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's spelldump. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm13 vim-athena 2:7.4.1689-3ubuntu1.5+esm13 vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-nox 2:7.4.1689-3ubuntu1.5+esm13 vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5723-1 CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1427",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5120"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-2124",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-2124",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-426193",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2124",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2124",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2124",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-2124",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2124",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1995",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-426193",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-2124",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Versions prior to Vim 8.2 have a security vulnerability due to buffer out-of-bounds reads. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5723-1\nNovember 14, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to crash when searching specially\ncrafted patterns. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-1674)\n\nIt was discovered that there existed a NULL pointer dereference in Vim. An\nattacker could possibly use this to crash Vim and cause denial of service. \n(CVE-2022-1725)\n\nIt was discovered that there existed a buffer over-read in Vim when\nsearching specially crafted patterns. An attacker could possibly use this\nto crash Vim and cause denial of service. (CVE-2022-2124)\n\nIt was discovered that there existed a heap buffer overflow in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-2125)\n\nIt was discovered that there existed an out of bounds read in Vim when\nperforming spelling suggestions. An attacker could possibly use this to\ncrash Vim and cause denial of service. (CVE-2022-2126)\n\nIt was discovered that Vim accessed invalid memory when executing specially\ncrafted command line expressions. An attacker could possibly use this to\ncrash Vim, access or modify memory, or execute arbitrary commands. \n(CVE-2022-2175)\n\nIt was discovered that there existed an out-of-bounds read in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. (CVE-2022-2183)\n\n\nIt was discovered that Vim accessed invalid memory when terminal size\nchanged. An attacker could possibly use this to crash Vim, access or modify\nmemory, or execute arbitrary commands. (CVE-2022-2206)\n\nIt was discovered that there existed a stack buffer overflow in Vim\u0027s\nspelldump. An attacker could possibly use this to crash Vim and cause\ndenial of service. (CVE-2022-2304)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\nvim 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-tiny 2:7.4.1689-3ubuntu1.5+esm13\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\nhttps://ubuntu.com/security/notices/USN-5723-1\nCVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169832"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-426193",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2124",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5872",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-426193",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"id": "VAR-202206-1427",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:21:02.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212450"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2124"
},
{
"title": "Ubuntu Security Notice: USN-5723-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5723-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2124"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2124/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-current-quote-38628"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5872"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5723-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-426193"
},
{
"date": "2022-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-11-15T16:38:43",
"db": "PACKETSTORM",
"id": "169832"
},
{
"date": "2022-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"date": "2022-06-19T10:15:09.210000",
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-426193"
},
{
"date": "2022-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"date": "2023-08-23T07:53:00",
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"date": "2024-11-21T07:00:21.690000",
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
}
],
"trust": 0.6
}
}
var-202201-0499
Vulnerability from variot
Heap-based Buffer Overflow in vim/vim prior to 8.2. Summary:
The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
- golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
- Bugs fixed (https://bugzilla.redhat.com/):
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
- Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes Advisory ID: RHSA-2022:1476-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:1476 Issue date: 2022-04-20 CVE Names: CVE-2021-0920 CVE-2021-3999 CVE-2021-4154 CVE-2021-23177 CVE-2021-23566 CVE-2021-31566 CVE-2021-41190 CVE-2021-43565 CVE-2021-45960 CVE-2021-46143 CVE-2022-0144 CVE-2022-0155 CVE-2022-0235 CVE-2022-0261 CVE-2022-0318 CVE-2022-0330 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0413 CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 CVE-2022-0536 CVE-2022-0778 CVE-2022-0811 CVE-2022-0847 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-22942 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23852 CVE-2022-24450 CVE-2022-24778 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-27191 =====================================================================
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 General Availability release images. This update provides security fixes, bug fixes, and updates the container images.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/
Security updates:
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
-
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
-
imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
Related bugs:
-
RHACM 2.4.3 image files (BZ #2057249)
-
Observability - dashboard name contains
/would cause error when generating dashboard cm (BZ #2032128) -
ACM application placement fails after renaming the application name (BZ
2033051)
-
Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)
-
Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)
-
The value of name label changed from clusterclaim name to cluster name (BZ #2042223)
-
VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ
2048500)
-
clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)
-
Application cluster status is not updated in UI after restoring (BZ
2053279)
-
OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)
-
The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)
-
Subscriptions stop reconciling after channel secrets are recreated (BZ
2059954)
-
Placementrule is not reconciling on a new fresh environment (BZ #2074156)
-
The cluster claimed from clusterpool cannot auto imported (BZ #2074543)
-
Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index
For details on how to apply this update, refer to:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm
2033051 - ACM application placement fails after renaming the application name
2039197 - disable the obs metric collect should not impact the managed cluster upgrade
2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard
2042223 - the value of name label changed from clusterclaim name to cluster name
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053279 - Application cluster status is not updated in UI after restoring
2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+
2057249 - RHACM 2.4.3 images
2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift
2059954 - Subscriptions stop reconciling after channel secrets are recreated
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path
2074156 - Placementrule is not reconciling on a new fresh environment
2074543 - The cluster claimed from clusterpool can not auto imported
- References:
https://access.redhat.com/security/cve/CVE-2021-0920 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-4154 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-23566 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0144 https://access.redhat.com/security/cve/CVE-2022-0155 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0261 https://access.redhat.com/security/cve/CVE-2022-0318 https://access.redhat.com/security/cve/CVE-2022-0330 https://access.redhat.com/security/cve/CVE-2022-0359 https://access.redhat.com/security/cve/CVE-2022-0361 https://access.redhat.com/security/cve/CVE-2022-0392 https://access.redhat.com/security/cve/CVE-2022-0413 https://access.redhat.com/security/cve/CVE-2022-0435 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/cve/CVE-2022-0516 https://access.redhat.com/security/cve/CVE-2022-0536 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-0811 https://access.redhat.com/security/cve/CVE-2022-0847 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-22942 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-24450 https://access.redhat.com/security/cve/CVE-2022-24778 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security updates:
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
Bug fix:
-
RHACM 2.3.8 images (Bugzilla #2062316)
-
Bugs fixed (https://bugzilla.redhat.com/):
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW1wIACgkQ4RjMIDke NxnZ+xAAqoucBvVAByV37Mr4jEpccIOz7wHZ/4vv7+y7dm34CenADqWWkHi9dHD9 Esk5iJaS1vrapc8BdZLfa5EzI5jo9dww+gqs/sqq48bugg86JmDJe77f9EPwjbm0 shX3psa1A3RWfESeNdOUl+MEk/1zip5fstehhqBS54kGMCK1Q4fQmWNmWZHEZyGX W8OFY8nUIceEpL402U+sCc8HscAfcsKkcsMApjrwjVmr/oFdPDfCXgMVYxSh6Xrv F24+7zGPI1sl3SI1fzaP30fZRY7COGkUSQ2zpVQZsiazqt3G6kCQrv99Ut/OAMl+ 0DHPLtV/Tv31s6CyjvCNEIpVpRkPZ6AgYYvQHbuJBmFsV4EP86eZ8kj9XBxfjk4+ kz/cXAgDE8Q7rvT/8uFr/TWS+uP9H4J87FMGuYrQR33lptaiJyP0sy2TTnJ5fTm5 FPH7vbcL4lSo//YK7TNxHMdDzDNSH+dcfFcXPHHSrcW27KuM4Rft8esy+r9r+SZj mJlZa5pVqlo8BjsOnkWd559N2UrFQxB0trwEaAAeQPMPjczc6yR8rxmh01dpZ2CW 0curmxCY81yt/Gm+qCcuAbXG3XQSYYH6Bc+vkxiyFXYnuHNRQCdFTLBG7muc1my6 gitAC7jLftbZMtTQPmbgeyhsBPjqmT7L0O7DzDuHHLQi3O/xc28= =lEWC -----END PGP SIGNATURE——
. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Monterey Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. Apple is aware of a report that this issue may have been actively exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0499",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4151"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0318"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
}
],
"trust": 0.5
},
"cve": "CVE-2022-0318",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-0318",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-412969",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-0318",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0318",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0318",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0318",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2134",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-412969",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-0318",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412969"
},
{
"db": "VULMON",
"id": "CVE-2022-0318"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2134"
},
{
"db": "NVD",
"id": "CVE-2022-0318"
},
{
"db": "NVD",
"id": "CVE-2022-0318"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in vim/vim prior to 8.2. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* golang: net/http/httputil: panic due to racy read of persistConn after\nhandler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes\nAdvisory ID: RHSA-2022:1476-01\nProduct: Red Hat ACM\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1476\nIssue date: 2022-04-20\nCVE Names: CVE-2021-0920 CVE-2021-3999 CVE-2021-4154 \n CVE-2021-23177 CVE-2021-23566 CVE-2021-31566 \n CVE-2021-41190 CVE-2021-43565 CVE-2021-45960 \n CVE-2021-46143 CVE-2022-0144 CVE-2022-0155 \n CVE-2022-0235 CVE-2022-0261 CVE-2022-0318 \n CVE-2022-0330 CVE-2022-0359 CVE-2022-0361 \n CVE-2022-0392 CVE-2022-0413 CVE-2022-0435 \n CVE-2022-0492 CVE-2022-0516 CVE-2022-0536 \n CVE-2022-0778 CVE-2022-0811 CVE-2022-0847 \n CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 \n CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 \n CVE-2022-22942 CVE-2022-23218 CVE-2022-23219 \n CVE-2022-23308 CVE-2022-23852 CVE-2022-24450 \n CVE-2022-24778 CVE-2022-25235 CVE-2022-25236 \n CVE-2022-25315 CVE-2022-27191 \n=====================================================================\n\n1. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 General\nAvailability release images. This update provides security fixes, bug\nfixes, and updates the container images. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE links in the References section. \n\n2. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous\nerrata update:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-0920\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-4154\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-23566\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-43565\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-0144\nhttps://access.redhat.com/security/cve/CVE-2022-0155\nhttps://access.redhat.com/security/cve/CVE-2022-0235\nhttps://access.redhat.com/security/cve/CVE-2022-0261\nhttps://access.redhat.com/security/cve/CVE-2022-0318\nhttps://access.redhat.com/security/cve/CVE-2022-0330\nhttps://access.redhat.com/security/cve/CVE-2022-0359\nhttps://access.redhat.com/security/cve/CVE-2022-0361\nhttps://access.redhat.com/security/cve/CVE-2022-0392\nhttps://access.redhat.com/security/cve/CVE-2022-0413\nhttps://access.redhat.com/security/cve/CVE-2022-0435\nhttps://access.redhat.com/security/cve/CVE-2022-0492\nhttps://access.redhat.com/security/cve/CVE-2022-0516\nhttps://access.redhat.com/security/cve/CVE-2022-0536\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-0811\nhttps://access.redhat.com/security/cve/CVE-2022-0847\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-22942\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-24450\nhttps://access.redhat.com/security/cve/CVE-2022-24778\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW1wIACgkQ4RjMIDke\nNxnZ+xAAqoucBvVAByV37Mr4jEpccIOz7wHZ/4vv7+y7dm34CenADqWWkHi9dHD9\nEsk5iJaS1vrapc8BdZLfa5EzI5jo9dww+gqs/sqq48bugg86JmDJe77f9EPwjbm0\nshX3psa1A3RWfESeNdOUl+MEk/1zip5fstehhqBS54kGMCK1Q4fQmWNmWZHEZyGX\nW8OFY8nUIceEpL402U+sCc8HscAfcsKkcsMApjrwjVmr/oFdPDfCXgMVYxSh6Xrv\nF24+7zGPI1sl3SI1fzaP30fZRY7COGkUSQ2zpVQZsiazqt3G6kCQrv99Ut/OAMl+\n0DHPLtV/Tv31s6CyjvCNEIpVpRkPZ6AgYYvQHbuJBmFsV4EP86eZ8kj9XBxfjk4+\nkz/cXAgDE8Q7rvT/8uFr/TWS+uP9H4J87FMGuYrQR33lptaiJyP0sy2TTnJ5fTm5\nFPH7vbcL4lSo//YK7TNxHMdDzDNSH+dcfFcXPHHSrcW27KuM4Rft8esy+r9r+SZj\nmJlZa5pVqlo8BjsOnkWd559N2UrFQxB0trwEaAAeQPMPjczc6yR8rxmh01dpZ2CW\n0curmxCY81yt/Gm+qCcuAbXG3XQSYYH6Bc+vkxiyFXYnuHNRQCdFTLBG7muc1my6\ngitAC7jLftbZMtTQPmbgeyhsBPjqmT7L0O7DzDuHHLQi3O/xc28=\n=lEWC\n-----END PGP SIGNATURE\u2014\u2014\n\n\n. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Monterey\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. Apple is aware of a report that this issue may\nhave been actively exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0318"
},
{
"db": "VULHUB",
"id": "VHN-412969"
},
{
"db": "VULMON",
"id": "CVE-2022-0318"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169576"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-412969",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412969"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0318",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "166433",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166516",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166976",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166323",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166812",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022052327",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031527",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022040631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032843",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032446",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022220",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1263",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0921",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2516",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2134",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166431",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-412969",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166789",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412969"
},
{
"db": "VULMON",
"id": "CVE-2022-0318"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2134"
},
{
"db": "NVD",
"id": "CVE-2022-0318"
}
]
},
"id": "VAR-202201-0499",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-412969"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:27:51.913000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183799"
},
{
"title": "Debian CVElist Bug Report Logs: vim : CVE-2022-0318",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0321046a6188a735269eef60b40f3a2c"
},
{
"title": "Red Hat: Moderate: vim security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220894 - Security Advisory"
},
{
"title": "Red Hat: CVE-2022-0318",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0318"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1567",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1567"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1751",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1751"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-020",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-020"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0318"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2134"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412969"
},
{
"db": "NVD",
"id": "CVE-2022-0318"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20241115-0004/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031527"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166433/red-hat-security-advisory-2022-1041-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166323/red-hat-security-advisory-2022-0894-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032446"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022220"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2516"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040631"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-block-insert-37456"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0921"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052327"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4154"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0847"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0516"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24731"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24730"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1025"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0144"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22817"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1396"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1083"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412969"
},
{
"db": "VULMON",
"id": "CVE-2022-0318"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2134"
},
{
"db": "NVD",
"id": "CVE-2022-0318"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-412969"
},
{
"db": "VULMON",
"id": "CVE-2022-0318"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2134"
},
{
"db": "NVD",
"id": "CVE-2022-0318"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-412969"
},
{
"date": "2022-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0318"
},
{
"date": "2022-04-20T15:12:33",
"db": "PACKETSTORM",
"id": "166789"
},
{
"date": "2022-03-24T14:34:35",
"db": "PACKETSTORM",
"id": "166431"
},
{
"date": "2022-03-24T14:36:50",
"db": "PACKETSTORM",
"id": "166433"
},
{
"date": "2022-04-21T15:12:25",
"db": "PACKETSTORM",
"id": "166812"
},
{
"date": "2022-03-29T15:53:19",
"db": "PACKETSTORM",
"id": "166516"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2134"
},
{
"date": "2022-01-21T12:15:10.053000",
"db": "NVD",
"id": "CVE-2022-0318"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-412969"
},
{
"date": "2022-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0318"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2134"
},
{
"date": "2024-11-21T06:38:22.010000",
"db": "NVD",
"id": "CVE-2022-0318"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2134"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vim Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2134"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2134"
}
],
"trust": 0.6
}
}
var-202202-0047
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. vim/vim Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lte",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4436"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
}
],
"trust": 0.1
},
"cve": "CVE-2022-0714",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0714",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-415705",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0714",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0714",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-0714",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0714",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0714",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0714",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1737",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-415705",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0714",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. vim/vim Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0714",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-415705",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"id": "VAR-202202-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:29:35.109000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0714"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hbuyqbz6gwawjrwp7aodj4khw5bckdvp/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hbuyqbz6gwawjrwp7aodj4khw5bckdvp/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0714"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0714/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-change-indent-37649"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1579.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-415705"
},
{
"date": "2022-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"date": "2023-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"date": "2022-02-22T20:15:07.630000",
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-415705"
},
{
"date": "2022-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"date": "2023-06-26T02:40:00",
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"date": "2024-11-21T06:39:14.720000",
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
}
],
"trust": 0.6
}
}
var-202207-1716
Vulnerability from variot
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. Vim of Vim For products from other vendors, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Vim is a cross-platform text editor. No detailed vulnerability details were provided at this time. Use after free in append_command in GitHub repository vim/vim before 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1616) Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim before 8.2.4899. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows malicious users to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620) Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim before 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1621) Buffer Over-read in function find_next_quote in GitHub repository vim/vim before 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution (CVE-2022-1629) A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service. (CVE-2022-1674) A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with "gf" in Visual block mode. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory. (CVE-2022-1769) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a stack-based buffer overflow vulnerability. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1771) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the ex_cmds function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1785) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after free vulnerability. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1796) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds read vulnerability in the gchar_cursor function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1851) A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash, leading to a denial of service and possibly some amount of memory leak. (CVE-2022-1886) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1897) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the find_pattern_in_path function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1898) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1927) An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of memory contents. (CVE-2022-1942) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the utf_ptr2char function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1968) An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2000) A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory. (CVE-2022-2125) Out-of-bounds Read in GitHub repository vim/vim before 8.2. (CVE-2022-2126) Out-of-bounds Write in GitHub repository vim/vim before 8.2. (CVE-2022-2129) A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2182) Out-of-bounds Read in GitHub repository vim/vim before 8.2. (CVE-2022-2183) Out-of-bounds Read in GitHub repository vim/vim before 8.2. (CVE-2022-2208) Out-of-bounds Write in GitHub repository vim/vim before 8.2. (CVE-2022-2231). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-16
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: May 03, 2023 Bugs: #851231, #861092, #869359, #879257, #883681, #889730 ID: 202305-16
Synopsis
Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.1157 >= 9.0.1157 2 app-editors/vim < 9.0.1157 >= 9.0.1157 3 app-editors/vim-core < 9.0.1157 >= 9.0.1157
Description
Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157"
References
[ 1 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 2 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 3 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 4 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 5 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 6 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 7 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 8 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 9 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 10 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 11 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 12 ] CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 [ 13 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 14 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 15 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 16 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 17 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 18 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 19 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 20 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 21 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 22 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 23 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 24 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 25 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 26 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 27 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 28 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 29 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 30 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 31 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 32 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 33 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 34 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 35 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 36 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 37 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 38 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 39 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 40 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 41 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 42 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 43 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 44 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 45 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 46 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 47 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 48 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 49 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 50 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 51 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 [ 52 ] CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 [ 53 ] CVE-2022-2816 https://nvd.nist.gov/vuln/detail/CVE-2022-2816 [ 54 ] CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 [ 55 ] CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 [ 56 ] CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 [ 57 ] CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 [ 58 ] CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 [ 59 ] CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 [ 60 ] CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 [ 61 ] CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 [ 62 ] CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 [ 63 ] CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 [ 64 ] CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 [ 65 ] CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 [ 66 ] CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 [ 67 ] CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 [ 68 ] CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 [ 69 ] CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 [ 70 ] CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 [ 71 ] CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 [ 72 ] CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 [ 73 ] CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 [ 74 ] CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 [ 75 ] CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 [ 76 ] CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 [ 77 ] CVE-2022-3491 https://nvd.nist.gov/vuln/detail/CVE-2022-3491 [ 78 ] CVE-2022-3520 https://nvd.nist.gov/vuln/detail/CVE-2022-3520 [ 79 ] CVE-2022-3591 https://nvd.nist.gov/vuln/detail/CVE-2022-3591 [ 80 ] CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 [ 81 ] CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 [ 82 ] CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 [ 83 ] CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 [ 84 ] CVE-2022-47024 https://nvd.nist.gov/vuln/detail/CVE-2022-47024 [ 85 ] CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 [ 86 ] CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 [ 87 ] CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . (CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. ========================================================================== Ubuntu Security Notice USN-6557-1 December 14, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725)
It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)
It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886)
It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000)
It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042)
It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231)
It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)
It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237)
It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: vim 2:9.0.1672-1ubuntu2.2 vim-athena 2:9.0.1672-1ubuntu2.2 vim-gtk3 2:9.0.1672-1ubuntu2.2 vim-nox 2:9.0.1672-1ubuntu2.2 vim-tiny 2:9.0.1672-1ubuntu2.2 xxd 2:9.0.1672-1ubuntu2.2
Ubuntu 23.04: vim 2:9.0.1000-4ubuntu3.3 vim-athena 2:9.0.1000-4ubuntu3.3 vim-gtk3 2:9.0.1000-4ubuntu3.3 vim-nox 2:9.0.1000-4ubuntu3.3 vim-tiny 2:9.0.1000-4ubuntu3.3 xxd 2:9.0.1000-4ubuntu3.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.15 vim-athena 2:8.2.3995-1ubuntu2.15 vim-gtk 2:8.2.3995-1ubuntu2.15 vim-gtk3 2:8.2.3995-1ubuntu2.15 vim-nox 2:8.2.3995-1ubuntu2.15 vim-tiny 2:8.2.3995-1ubuntu2.15 xxd 2:8.2.3995-1ubuntu2.15
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.21 vim-athena 2:8.1.2269-1ubuntu5.21 vim-gtk 2:8.1.2269-1ubuntu5.21 vim-gtk3 2:8.1.2269-1ubuntu5.21 vim-nox 2:8.1.2269-1ubuntu5.21 vim-tiny 2:8.1.2269-1ubuntu5.21 xxd 2:8.1.2269-1ubuntu5.21
Ubuntu 18.04 LTS (Available with Ubuntu Pro): vim 2:8.0.1453-1ubuntu1.13+esm7 vim-athena 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk3 2:8.0.1453-1ubuntu1.13+esm7 vim-nox 2:8.0.1453-1ubuntu1.13+esm7 vim-tiny 2:8.0.1453-1ubuntu1.13+esm7 xxd 2:8.0.1453-1ubuntu1.13+esm7
Ubuntu 16.04 LTS (Available with Ubuntu Pro): vim 2:7.4.1689-3ubuntu1.5+esm22 vim-athena 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm22 vim-nox 2:7.4.1689-3ubuntu1.5+esm22 vim-tiny 2:7.4.1689-3ubuntu1.5+esm22
Ubuntu 14.04 LTS (Available with Ubuntu Pro): vim 2:7.4.052-1ubuntu3.1+esm15 vim-athena 2:7.4.052-1ubuntu3.1+esm15 vim-gtk 2:7.4.052-1ubuntu3.1+esm15 vim-nox 2:7.4.052-1ubuntu3.1+esm15 vim-tiny 2:7.4.052-1ubuntu3.1+esm15
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6557-1 CVE-2022-1725, CVE-2022-1771, CVE-2022-1886, CVE-2022-1897, CVE-2022-2000, CVE-2022-2042, CVE-2023-46246, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.2 https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.15 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.21
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-1716",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4959"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "13.0"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"db": "NVD",
"id": "CVE-2022-1725"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "PACKETSTORM",
"id": "176249"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1725",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1725",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1725",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1725",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "security@huntr.dev",
"id": "CVE-2022-1725",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1725",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1725",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-2929",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2929"
},
{
"db": "NVD",
"id": "CVE-2022-1725"
},
{
"db": "NVD",
"id": "CVE-2022-1725"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. Vim of Vim For products from other vendors, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Vim is a cross-platform text editor. No detailed vulnerability details were provided at this time. Use after free in append_command in GitHub repository vim/vim before 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1616)\nHeap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim before 8.2.4899. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows malicious users to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)\nHeap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim before 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1621)\nBuffer Over-read in function find_next_quote in GitHub repository vim/vim before 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution (CVE-2022-1629)\nA NULL pointer dereference flaw was found in vim\u0027s vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service. (CVE-2022-1674)\nA heap buffer over-read vulnerability was found in Vim\u0027s grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory. (CVE-2022-1769)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a stack-based buffer overflow vulnerability. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1771)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the ex_cmds function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1785)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after free vulnerability. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1796)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds read vulnerability in the gchar_cursor function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1851)\nA heap buffer overflow flaw was found in Vim\u0027s utf_head_off() function in the mbyte.c file. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash, leading to a denial of service and possibly some amount of memory leak. (CVE-2022-1886)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1897)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the find_pattern_in_path function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1898)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1927)\nAn out-of-bounds write vulnerability was found in Vim\u0027s vim_regsub_both() function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of memory contents. (CVE-2022-1942)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the utf_ptr2char function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1968)\nAn out-of-bounds write vulnerability was found in Vim\u0027s append_command() function of the src/ex_docmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2000)\nA heap use-after-free vulnerability was found in Vim\u0027s skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory. (CVE-2022-2125)\nOut-of-bounds Read in GitHub repository vim/vim before 8.2. (CVE-2022-2126)\nOut-of-bounds Write in GitHub repository vim/vim before 8.2. (CVE-2022-2129)\nA heap buffer over-read vulnerability was found in Vim\u0027s put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2182)\nOut-of-bounds Read in GitHub repository vim/vim before 8.2. (CVE-2022-2183)\nOut-of-bounds Read in GitHub repository vim/vim before 8.2. (CVE-2022-2208)\nOut-of-bounds Write in GitHub repository vim/vim before 8.2. (CVE-2022-2231). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202305-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: May 03, 2023\n Bugs: #851231, #861092, #869359, #879257, #883681, #889730\n ID: 202305-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n==========\n\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.1157 \u003e= 9.0.1157\n 2 app-editors/vim \u003c 9.0.1157 \u003e= 9.0.1157\n 3 app-editors/vim-core \u003c 9.0.1157 \u003e= 9.0.1157\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Vim, gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.1157\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.1157\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.1157\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 2 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 3 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 4 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 5 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 6 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 7 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 8 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 9 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 10 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 11 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 12 ] CVE-2022-1725\n https://nvd.nist.gov/vuln/detail/CVE-2022-1725\n[ 13 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 14 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 15 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 16 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 17 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 18 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 19 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 20 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 21 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 22 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 23 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 24 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 25 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 26 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 27 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 28 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 29 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 30 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 31 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 32 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 33 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 34 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 35 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 36 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 37 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 38 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 39 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 40 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 41 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 42 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 43 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 44 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 45 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 46 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 47 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 48 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 49 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 50 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 51 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n[ 52 ] CVE-2022-2522\n https://nvd.nist.gov/vuln/detail/CVE-2022-2522\n[ 53 ] CVE-2022-2816\n https://nvd.nist.gov/vuln/detail/CVE-2022-2816\n[ 54 ] CVE-2022-2817\n https://nvd.nist.gov/vuln/detail/CVE-2022-2817\n[ 55 ] CVE-2022-2819\n https://nvd.nist.gov/vuln/detail/CVE-2022-2819\n[ 56 ] CVE-2022-2845\n https://nvd.nist.gov/vuln/detail/CVE-2022-2845\n[ 57 ] CVE-2022-2849\n https://nvd.nist.gov/vuln/detail/CVE-2022-2849\n[ 58 ] CVE-2022-2862\n https://nvd.nist.gov/vuln/detail/CVE-2022-2862\n[ 59 ] CVE-2022-2874\n https://nvd.nist.gov/vuln/detail/CVE-2022-2874\n[ 60 ] CVE-2022-2889\n https://nvd.nist.gov/vuln/detail/CVE-2022-2889\n[ 61 ] CVE-2022-2923\n https://nvd.nist.gov/vuln/detail/CVE-2022-2923\n[ 62 ] CVE-2022-2946\n https://nvd.nist.gov/vuln/detail/CVE-2022-2946\n[ 63 ] CVE-2022-2980\n https://nvd.nist.gov/vuln/detail/CVE-2022-2980\n[ 64 ] CVE-2022-2982\n https://nvd.nist.gov/vuln/detail/CVE-2022-2982\n[ 65 ] CVE-2022-3016\n https://nvd.nist.gov/vuln/detail/CVE-2022-3016\n[ 66 ] CVE-2022-3099\n https://nvd.nist.gov/vuln/detail/CVE-2022-3099\n[ 67 ] CVE-2022-3134\n https://nvd.nist.gov/vuln/detail/CVE-2022-3134\n[ 68 ] CVE-2022-3153\n https://nvd.nist.gov/vuln/detail/CVE-2022-3153\n[ 69 ] CVE-2022-3234\n https://nvd.nist.gov/vuln/detail/CVE-2022-3234\n[ 70 ] CVE-2022-3235\n https://nvd.nist.gov/vuln/detail/CVE-2022-3235\n[ 71 ] CVE-2022-3256\n https://nvd.nist.gov/vuln/detail/CVE-2022-3256\n[ 72 ] CVE-2022-3278\n https://nvd.nist.gov/vuln/detail/CVE-2022-3278\n[ 73 ] CVE-2022-3296\n https://nvd.nist.gov/vuln/detail/CVE-2022-3296\n[ 74 ] CVE-2022-3297\n https://nvd.nist.gov/vuln/detail/CVE-2022-3297\n[ 75 ] CVE-2022-3324\n https://nvd.nist.gov/vuln/detail/CVE-2022-3324\n[ 76 ] CVE-2022-3352\n https://nvd.nist.gov/vuln/detail/CVE-2022-3352\n[ 77 ] CVE-2022-3491\n https://nvd.nist.gov/vuln/detail/CVE-2022-3491\n[ 78 ] CVE-2022-3520\n https://nvd.nist.gov/vuln/detail/CVE-2022-3520\n[ 79 ] CVE-2022-3591\n https://nvd.nist.gov/vuln/detail/CVE-2022-3591\n[ 80 ] CVE-2022-3705\n https://nvd.nist.gov/vuln/detail/CVE-2022-3705\n[ 81 ] CVE-2022-4141\n https://nvd.nist.gov/vuln/detail/CVE-2022-4141\n[ 82 ] CVE-2022-4292\n https://nvd.nist.gov/vuln/detail/CVE-2022-4292\n[ 83 ] CVE-2022-4293\n https://nvd.nist.gov/vuln/detail/CVE-2022-4293\n[ 84 ] CVE-2022-47024\n https://nvd.nist.gov/vuln/detail/CVE-2022-47024\n[ 85 ] CVE-2023-0049\n https://nvd.nist.gov/vuln/detail/CVE-2023-0049\n[ 86 ] CVE-2023-0051\n https://nvd.nist.gov/vuln/detail/CVE-2023-0051\n[ 87 ] CVE-2023-0054\n https://nvd.nist.gov/vuln/detail/CVE-2023-0054\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202305-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n(CVE-2022-1725)\n\nIt was discovered that there existed a buffer over-read in Vim when\nsearching specially crafted patterns. ==========================================================================\nUbuntu Security Notice USN-6557-1\nDecember 14, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 23.04\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 14.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to dereference invalid memory. An\nattacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1725)\n\nIt was discovered that Vim could be made to recurse infinitely. An\nattacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)\n\nIt was discovered that Vim could be made to write out of bounds with a put\ncommand. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-1886)\n\nIt was discovered that Vim could be made to write out of bounds. An\nattacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu\n18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897,\nCVE-2022-2000)\n\nIt was discovered that Vim did not properly manage memory in the spell\ncommand. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-2042)\n\nIt was discovered that Vim did not properly manage memory. An attacker\ncould possibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2023-46246, CVE-2023-48231)\n\nIt was discovered that Vim could be made to divide by zero. An attacker\ncould possibly use this issue to cause a denial of service. This issue\nonly affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)\n\nIt was discovered that Vim contained multiple arithmetic overflows. An\nattacker could possibly use these issues to cause a denial of service. \n(CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236,\nCVE-2023-48237)\n\nIt was discovered that Vim did not properly manage memory in the\nsubstitute command. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n vim 2:9.0.1672-1ubuntu2.2\n vim-athena 2:9.0.1672-1ubuntu2.2\n vim-gtk3 2:9.0.1672-1ubuntu2.2\n vim-nox 2:9.0.1672-1ubuntu2.2\n vim-tiny 2:9.0.1672-1ubuntu2.2\n xxd 2:9.0.1672-1ubuntu2.2\n\nUbuntu 23.04:\n vim 2:9.0.1000-4ubuntu3.3\n vim-athena 2:9.0.1000-4ubuntu3.3\n vim-gtk3 2:9.0.1000-4ubuntu3.3\n vim-nox 2:9.0.1000-4ubuntu3.3\n vim-tiny 2:9.0.1000-4ubuntu3.3\n xxd 2:9.0.1000-4ubuntu3.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.15\n vim-athena 2:8.2.3995-1ubuntu2.15\n vim-gtk 2:8.2.3995-1ubuntu2.15\n vim-gtk3 2:8.2.3995-1ubuntu2.15\n vim-nox 2:8.2.3995-1ubuntu2.15\n vim-tiny 2:8.2.3995-1ubuntu2.15\n xxd 2:8.2.3995-1ubuntu2.15\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.21\n vim-athena 2:8.1.2269-1ubuntu5.21\n vim-gtk 2:8.1.2269-1ubuntu5.21\n vim-gtk3 2:8.1.2269-1ubuntu5.21\n vim-nox 2:8.1.2269-1ubuntu5.21\n vim-tiny 2:8.1.2269-1ubuntu5.21\n xxd 2:8.1.2269-1ubuntu5.21\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n vim 2:8.0.1453-1ubuntu1.13+esm7\n vim-athena 2:8.0.1453-1ubuntu1.13+esm7\n vim-gtk 2:8.0.1453-1ubuntu1.13+esm7\n vim-gtk3 2:8.0.1453-1ubuntu1.13+esm7\n vim-nox 2:8.0.1453-1ubuntu1.13+esm7\n vim-tiny 2:8.0.1453-1ubuntu1.13+esm7\n xxd 2:8.0.1453-1ubuntu1.13+esm7\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n vim 2:7.4.1689-3ubuntu1.5+esm22\n vim-athena 2:7.4.1689-3ubuntu1.5+esm22\n vim-gtk 2:7.4.1689-3ubuntu1.5+esm22\n vim-gtk3 2:7.4.1689-3ubuntu1.5+esm22\n vim-nox 2:7.4.1689-3ubuntu1.5+esm22\n vim-tiny 2:7.4.1689-3ubuntu1.5+esm22\n\nUbuntu 14.04 LTS (Available with Ubuntu Pro):\n vim 2:7.4.052-1ubuntu3.1+esm15\n vim-athena 2:7.4.052-1ubuntu3.1+esm15\n vim-gtk 2:7.4.052-1ubuntu3.1+esm15\n vim-nox 2:7.4.052-1ubuntu3.1+esm15\n vim-tiny 2:7.4.052-1ubuntu3.1+esm15\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6557-1\n CVE-2022-1725, CVE-2022-1771, CVE-2022-1886, CVE-2022-1897,\n CVE-2022-2000, CVE-2022-2042, CVE-2023-46246, CVE-2023-48231,\n CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235,\n CVE-2023-48236, CVE-2023-48237, CVE-2023-48706\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.2\n https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.15\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.21\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1725"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"db": "VULHUB",
"id": "VHN-422489"
},
{
"db": "VULMON",
"id": "CVE-2022-1725"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "PACKETSTORM",
"id": "176249"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1725",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "169832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018758",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.5872",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2929",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-68075",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-422489",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176249",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422489"
},
{
"db": "VULMON",
"id": "CVE-2022-1725"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2929"
},
{
"db": "NVD",
"id": "CVE-2022-1725"
}
]
},
"id": "VAR-202207-1716",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422489"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:20:51.853000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c"
},
{
"title": "Vim Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209488"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1725"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2929"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422489"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"db": "NVD",
"id": "CVE-2022-1725"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 2.5,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-null-pointer-dereference-via-buflist-findpat-39908"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5872"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-39702"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1725/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1829.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5723-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6557-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48237"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.15"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48232"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422489"
},
{
"db": "VULMON",
"id": "CVE-2022-1725"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2929"
},
{
"db": "NVD",
"id": "CVE-2022-1725"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422489"
},
{
"db": "VULMON",
"id": "CVE-2022-1725"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2929"
},
{
"db": "NVD",
"id": "CVE-2022-1725"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-422489"
},
{
"date": "2023-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-11-15T16:38:43",
"db": "PACKETSTORM",
"id": "169832"
},
{
"date": "2023-12-15T15:15:14",
"db": "PACKETSTORM",
"id": "176249"
},
{
"date": "2022-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2929"
},
{
"date": "2022-09-29T03:15:15.270000",
"db": "NVD",
"id": "CVE-2022-1725"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-422489"
},
{
"date": "2023-10-23T07:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-018758"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2929"
},
{
"date": "2024-01-25T21:05:13.567000",
"db": "NVD",
"id": "CVE-2022-1725"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2929"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vim\u00a0 of \u00a0Vim\u00a0 in products from other multiple vendors \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018758"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2929"
}
],
"trust": 0.6
}
}
var-202201-0557
Vulnerability from variot
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0557",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"db": "NVD",
"id": "CVE-2022-0351"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 0.3
},
"cve": "CVE-2022-0351",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2022-0351",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-413296",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0351",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0351",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0351",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0351",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0351",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0351",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2329",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-413296",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0351",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413296"
},
{
"db": "VULMON",
"id": "CVE-2022-0351"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2329"
},
{
"db": "NVD",
"id": "CVE-2022-0351"
},
{
"db": "NVD",
"id": "CVE-2022-0351"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0351"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"db": "VULHUB",
"id": "VHN-413296"
},
{
"db": "VULMON",
"id": "CVE-2022-0351"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-413296",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413296"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0351",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167368",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004156",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2329",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.0921",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022220",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060217",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-413296",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0351",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413296"
},
{
"db": "VULMON",
"id": "CVE-2022-0351"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2329"
},
{
"db": "NVD",
"id": "CVE-2022-0351"
}
]
},
"id": "VAR-202201-0557",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413296"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:27:07.605000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=180326"
},
{
"title": "Red Hat: CVE-2022-0351",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0351"
},
{
"title": "Ubuntu Security Notice: USN-5458-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5458-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1567",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1567"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1751",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1751"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-023",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-023"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0351"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2329"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-786",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413296"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"db": "NVD",
"id": "CVE-2022-0351"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022220"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2405"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167368/ubuntu-security-notice-usn-5458-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-memory-corruption-via-github-repository-37404"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0921"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5458-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/786.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413296"
},
{
"db": "VULMON",
"id": "CVE-2022-0351"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2329"
},
{
"db": "NVD",
"id": "CVE-2022-0351"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413296"
},
{
"db": "VULMON",
"id": "CVE-2022-0351"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "167368"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2329"
},
{
"db": "NVD",
"id": "CVE-2022-0351"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-25T00:00:00",
"db": "VULHUB",
"id": "VHN-413296"
},
{
"date": "2022-01-25T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0351"
},
{
"date": "2023-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-06-02T17:08:47",
"db": "PACKETSTORM",
"id": "167368"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2329"
},
{
"date": "2022-01-25T18:15:08.100000",
"db": "NVD",
"id": "CVE-2022-0351"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-413296"
},
{
"date": "2022-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0351"
},
{
"date": "2023-03-23T06:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-004156"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2329"
},
{
"date": "2024-11-21T06:38:26.260000",
"db": "NVD",
"id": "CVE-2022-0351"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004156"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2329"
}
],
"trust": 0.6
}
}
var-202204-1327
Vulnerability from variot
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. vim/vim Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:5242-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5242 Issue date: 2022-06-28 CVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154 CVE-2022-1420 CVE-2022-1621 CVE-2022-1629 ==================================================================== 1. Summary:
An update for vim is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
Security Fix(es):
-
vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)
-
vim: Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)
-
vim: Out-of-range Pointer Offset (CVE-2022-1420)
-
vim: heap buffer overflow (CVE-2022-1621)
-
vim: buffer over-read (CVE-2022-1629)
-
vim: use after free in utf_ptr2char (CVE-2022-1154)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2058483 - CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim 2064064 - CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim 2073013 - CVE-2022-1154 vim: use after free in utf_ptr2char 2077734 - CVE-2022-1420 vim: Out-of-range Pointer Offset 2083924 - CVE-2022-1621 vim: heap buffer overflow 2083931 - CVE-2022-1629 vim: buffer over-read
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: vim-X11-8.2.2637-16.el9_0.2.aarch64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
ppc64le: vim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-8.2.2637-16.el9_0.2.s390x.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-8.2.2637-16.el9_0.2.x86_64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: vim-8.2.2637-16.el9_0.2.src.rpm
aarch64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
noarch: vim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm
ppc64le: vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYr6V3dzjgjWX9erEAQgjKg//dM94CB7N4Qs8VgoJIWLkOPOo8LZkQ7rv NNMfLIICSC1ftk1+Yc/qYdyRQUTwzQ4ki7a9JQ4oD279rqJA0vTPQMuosEefTLi/ 3qSATQIOwsqbCCBBTCkQl7hqEMg+I+q35I/i8iAOw51Ec0EfbuoWHdQG/n8JYhTy mLmI6KcEZjRvoPJZdcxtwlAn1rwU8QC35S2x2NOF93CzP95r1ik9v/LxjJQBFVDs xbpHKU8qhmQuqqmnLgOnr8km6ufY8E2kuBfUK1/TIbi65/+ZEfKBuiF5Epfkra6B Cz3Iy8B1qwsl/FUZpzxr7xUfPRd/YEy36qh2R38DUzIzsUukk685OW06UgPJpquc 0vn2TUz2iTyNkvoocai+bDEBADWhsGNYfhBUQOa4N5Q7XBwOyg7j/J2WKIkvhECt LicGtj41J1qbKVDNSXm6hoLQnau8j3McWxjA9P4wdYPA6WzrigoWAct6y0aG1ZIv cSAAw7Wm/GQZ0VjjVBaTEJ7Ky1GHXbLw+CRVir2lgWYPGYn7nI5HNxICqP/0M8Vi 47+Pn+G+GshYhNOarGziOzvrMh7uo47WyK3dOIlBxkgflCbzNMDIUmGDQmfEWsmg qQZbciYy1FZFSEtMIKxQFSNmp6Q0DJDBXOYkVlno0GxNK7NsBtnVXTr0ga4k+0BY SbZjTjlw0C4=7TgI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5613-2 September 19, 2022
vim regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
USN-5613-1 caused a regression in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. (CVE-2022-1154)
It was discovered that Vim was not properly performing checks on name of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. (CVE-2022-1420)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.9
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5613-2 https://ubuntu.com/security/notices/USN-5613-1 CVE-2022-0943, CVE-2022-1154, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, https://launchpad.net/bugs/1989973
Package Information: https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4774"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1420",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1420",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-419533",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1420",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"id": "CVE-2022-1420",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1420",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1420",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1420",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1420",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3939",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-419533",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1420",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. vim/vim Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: vim security update\nAdvisory ID: RHSA-2022:5242-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5242\nIssue date: 2022-06-28\nCVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154\n CVE-2022-1420 CVE-2022-1621 CVE-2022-1629\n====================================================================\n1. Summary:\n\nAn update for vim is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)\n\n* vim: Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)\n\n* vim: Out-of-range Pointer Offset (CVE-2022-1420)\n\n* vim: heap buffer overflow (CVE-2022-1621)\n\n* vim: buffer over-read (CVE-2022-1629)\n\n* vim: use after free in utf_ptr2char (CVE-2022-1154)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2058483 - CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim\n2064064 - CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim\n2073013 - CVE-2022-1154 vim: use after free in utf_ptr2char\n2077734 - CVE-2022-1420 vim: Out-of-range Pointer Offset\n2083924 - CVE-2022-1621 vim: heap buffer overflow\n2083931 - CVE-2022-1629 vim: buffer over-read\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\nvim-X11-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nppc64le:\nvim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-8.2.2637-16.el9_0.2.s390x.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\nvim-8.2.2637-16.el9_0.2.src.rpm\n\naarch64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nnoarch:\nvim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm\n\nppc64le:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYr6V3dzjgjWX9erEAQgjKg//dM94CB7N4Qs8VgoJIWLkOPOo8LZkQ7rv\nNNMfLIICSC1ftk1+Yc/qYdyRQUTwzQ4ki7a9JQ4oD279rqJA0vTPQMuosEefTLi/\n3qSATQIOwsqbCCBBTCkQl7hqEMg+I+q35I/i8iAOw51Ec0EfbuoWHdQG/n8JYhTy\nmLmI6KcEZjRvoPJZdcxtwlAn1rwU8QC35S2x2NOF93CzP95r1ik9v/LxjJQBFVDs\nxbpHKU8qhmQuqqmnLgOnr8km6ufY8E2kuBfUK1/TIbi65/+ZEfKBuiF5Epfkra6B\nCz3Iy8B1qwsl/FUZpzxr7xUfPRd/YEy36qh2R38DUzIzsUukk685OW06UgPJpquc\n0vn2TUz2iTyNkvoocai+bDEBADWhsGNYfhBUQOa4N5Q7XBwOyg7j/J2WKIkvhECt\nLicGtj41J1qbKVDNSXm6hoLQnau8j3McWxjA9P4wdYPA6WzrigoWAct6y0aG1ZIv\ncSAAw7Wm/GQZ0VjjVBaTEJ7Ky1GHXbLw+CRVir2lgWYPGYn7nI5HNxICqP/0M8Vi\n47+Pn+G+GshYhNOarGziOzvrMh7uo47WyK3dOIlBxkgflCbzNMDIUmGDQmfEWsmg\nqQZbciYy1FZFSEtMIKxQFSNmp6Q0DJDBXOYkVlno0GxNK7NsBtnVXTr0ga4k+0BY\nSbZjTjlw0C4=7TgI\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5613-2\nSeptember 19, 2022\n\nvim regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nUSN-5613-1 caused a regression in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nUSN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that Vim was not properly performing bounds checks\n when executing spell suggestion commands. An attacker could possibly use\n this issue to cause a denial of service or execute arbitrary code. \n (CVE-2022-0943)\n \n It was discovered that Vim was using freed memory when dealing with\n regular expressions through its old regular expression engine. If a user\n were tricked into opening a specially crafted file, an attacker could\n crash the application, leading to a denial of service, or possibly achieve\n code execution. (CVE-2022-1154)\n \n It was discovered that Vim was not properly performing checks on name of\n lambda functions. An attacker could possibly use this issue to cause a\n denial of service. This issue affected only Ubuntu 22.04 LTS. \n (CVE-2022-1420)\n \n It was discovered that Vim was incorrectly performing bounds checks\n when processing invalid commands with composing characters in Ex\n mode. An attacker could possibly use this issue to cause a denial of\n service or execute arbitrary code. (CVE-2022-1616)\n \n It was discovered that Vim was not properly processing latin1 data\n when issuing Ex commands. An attacker could possibly use this issue to\n cause a denial of service or execute arbitrary code. (CVE-2022-1619)\n \n It was discovered that Vim was not properly performing memory\n management when dealing with invalid regular expression patterns in\n buffers. An attacker could possibly use this issue to cause a denial of\n service. (CVE-2022-1620)\n \n It was discovered that Vim was not properly processing invalid bytes\n when performing spell check operations. An attacker could possibly use\n this issue to cause a denial of service or execute arbitrary code. \n (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.9\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5613-2\n https://ubuntu.com/security/notices/USN-5613-1\n CVE-2022-0943, CVE-2022-1154, CVE-2022-1420, CVE-2022-1616,\n CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, https://launchpad.net/bugs/1989973\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1420",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167666",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022070642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419533",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1420",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"id": "VAR-202204-1327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:58:15.771000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
},
{
"title": "vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=191052"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1420"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1597",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1597"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1805",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1805"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-823",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6e457nyoirwbjhkb7on44uy5avtg4hu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kvpzve2cie2ngchzdmehpbwn3lk2uqaa/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kvpzve2cie2ngchzdmehpbwn3lk2uqaa/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x6e457nyoirwbjhkb7on44uy5avtg4hu/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1420"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070642"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-memory-corruption-via-eval-lambda-38138"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1420/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052018"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3226"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/823.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-419533"
},
{
"date": "2022-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"date": "2023-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"date": "2022-07-01T15:00:50",
"db": "PACKETSTORM",
"id": "167666"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"date": "2022-04-21T11:15:08.100000",
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-419533"
},
{
"date": "2022-09-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"date": "2023-08-08T01:57:00",
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"date": "2024-11-21T06:40:41.830000",
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
}
],
"trust": 0.6
}
}
var-202203-1324
Vulnerability from variot
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a security vulnerability in vim, and there is no information about the vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:5242-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5242 Issue date: 2022-06-28 CVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154 CVE-2022-1420 CVE-2022-1621 CVE-2022-1629 ==================================================================== 1. Summary:
An update for vim is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: vim-X11-8.2.2637-16.el9_0.2.aarch64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
ppc64le: vim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-8.2.2637-16.el9_0.2.s390x.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-8.2.2637-16.el9_0.2.x86_64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: vim-8.2.2637-16.el9_0.2.src.rpm
aarch64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
noarch: vim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm
ppc64le: vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYr6V3dzjgjWX9erEAQgjKg//dM94CB7N4Qs8VgoJIWLkOPOo8LZkQ7rv NNMfLIICSC1ftk1+Yc/qYdyRQUTwzQ4ki7a9JQ4oD279rqJA0vTPQMuosEefTLi/ 3qSATQIOwsqbCCBBTCkQl7hqEMg+I+q35I/i8iAOw51Ec0EfbuoWHdQG/n8JYhTy mLmI6KcEZjRvoPJZdcxtwlAn1rwU8QC35S2x2NOF93CzP95r1ik9v/LxjJQBFVDs xbpHKU8qhmQuqqmnLgOnr8km6ufY8E2kuBfUK1/TIbi65/+ZEfKBuiF5Epfkra6B Cz3Iy8B1qwsl/FUZpzxr7xUfPRd/YEy36qh2R38DUzIzsUukk685OW06UgPJpquc 0vn2TUz2iTyNkvoocai+bDEBADWhsGNYfhBUQOa4N5Q7XBwOyg7j/J2WKIkvhECt LicGtj41J1qbKVDNSXm6hoLQnau8j3McWxjA9P4wdYPA6WzrigoWAct6y0aG1ZIv cSAAw7Wm/GQZ0VjjVBaTEJ7Ky1GHXbLw+CRVir2lgWYPGYn7nI5HNxICqP/0M8Vi 47+Pn+G+GshYhNOarGziOzvrMh7uo47WyK3dOIlBxkgflCbzNMDIUmGDQmfEWsmg qQZbciYy1FZFSEtMIKxQFSNmp6Q0DJDBXOYkVlno0GxNK7NsBtnVXTr0ga4k+0BY SbZjTjlw0C4=7TgI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1324",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4563"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.3
},
"cve": "CVE-2022-0943",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2022-0943",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-415476",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0943",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0943",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0943",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0943",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0943",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0943",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1381",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415476",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0943",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a security vulnerability in vim, and there is no information about the vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: vim security update\nAdvisory ID: RHSA-2022:5242-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5242\nIssue date: 2022-06-28\nCVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154\n CVE-2022-1420 CVE-2022-1621 CVE-2022-1629\n====================================================================\n1. Summary:\n\nAn update for vim is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\nvim-X11-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nppc64le:\nvim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-8.2.2637-16.el9_0.2.s390x.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\nvim-8.2.2637-16.el9_0.2.src.rpm\n\naarch64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nnoarch:\nvim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm\n\nppc64le:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYr6V3dzjgjWX9erEAQgjKg//dM94CB7N4Qs8VgoJIWLkOPOo8LZkQ7rv\nNNMfLIICSC1ftk1+Yc/qYdyRQUTwzQ4ki7a9JQ4oD279rqJA0vTPQMuosEefTLi/\n3qSATQIOwsqbCCBBTCkQl7hqEMg+I+q35I/i8iAOw51Ec0EfbuoWHdQG/n8JYhTy\nmLmI6KcEZjRvoPJZdcxtwlAn1rwU8QC35S2x2NOF93CzP95r1ik9v/LxjJQBFVDs\nxbpHKU8qhmQuqqmnLgOnr8km6ufY8E2kuBfUK1/TIbi65/+ZEfKBuiF5Epfkra6B\nCz3Iy8B1qwsl/FUZpzxr7xUfPRd/YEy36qh2R38DUzIzsUukk685OW06UgPJpquc\n0vn2TUz2iTyNkvoocai+bDEBADWhsGNYfhBUQOa4N5Q7XBwOyg7j/J2WKIkvhECt\nLicGtj41J1qbKVDNSXm6hoLQnau8j3McWxjA9P4wdYPA6WzrigoWAct6y0aG1ZIv\ncSAAw7Wm/GQZ0VjjVBaTEJ7Ky1GHXbLw+CRVir2lgWYPGYn7nI5HNxICqP/0M8Vi\n47+Pn+G+GshYhNOarGziOzvrMh7uo47WyK3dOIlBxkgflCbzNMDIUmGDQmfEWsmg\nqQZbciYy1FZFSEtMIKxQFSNmp6Q0DJDBXOYkVlno0GxNK7NsBtnVXTr0ga4k+0BY\nSbZjTjlw0C4=7TgI\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0943",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167666",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-415476",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0943",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"id": "VAR-202203-1324",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:17:20.446000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=186594"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0943"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5460-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5460-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1597",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1597"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1805",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1805"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/c3r36vslo4trx72swb6idjod24bqxpx2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/raiqtuo35u5wo2nymy47637emcvdjrsl/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/c3r36vslo4trx72swb6idjod24bqxpx2/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/raiqtuo35u5wo2nymy47637emcvdjrsl/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-0943"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070642"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-spell-suggest-38013"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0943/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3226"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-415476"
},
{
"date": "2022-03-14T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"date": "2022-07-01T15:00:50",
"db": "PACKETSTORM",
"id": "167666"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"date": "2022-03-14T21:15:07.887000",
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-415476"
},
{
"date": "2022-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"date": "2023-07-24T02:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"date": "2024-11-21T06:39:42.793000",
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
}
],
"trust": 0.6
}
}
var-202205-1511
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4968"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1733",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2022-1733",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-422497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1733",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1733",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1733",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1733",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1733",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1733",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3585",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422497",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1733",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1733",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022052017",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022063027",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422497",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"id": "VAR-202205-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:19:14.524000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "reading\u00a0past\u00a0end\u00a0of\u00a0the\u00a0line\u00a0when\u00a0C-indenting Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=194286"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1733"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qkix5hykwxwg6qbcpptpq53gnofhsais/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qkix5hykwxwg6qbcpptpq53gnofhsais/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1733"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-38413"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022063027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1733/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052017"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-422497"
},
{
"date": "2022-05-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"date": "2022-05-17T17:15:08.097000",
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-422497"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"date": "2023-08-17T07:44:00",
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"date": "2024-11-21T06:41:21.003000",
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
}
],
"trust": 0.6
}
}
var-202201-0355
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Summary:
The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
-
golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)
-
golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)
-
golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
-
golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717)
-
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page
- Bugs fixed (https://bugzilla.redhat.com/):
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:0894-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0894 Issue date: 2022-03-15 CVE Names: CVE-2022-0261 CVE-2022-0318 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0413 ==================================================================== 1. Summary:
An update for vim is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
-
vim: Heap-based buffer overflow in block_insert() in src/ops.c (CVE-2022-0261)
-
vim: Heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318)
-
vim: Heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359)
-
vim: Illegal memory access when copying lines in visual mode leads to heap buffer overflow (CVE-2022-0361)
-
vim: Heap-based buffer overflow in getexmodeline() in ex_getln.c (CVE-2022-0392)
-
vim: Use after free in src/ex_cmds.c (CVE-2022-0413)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: vim-X11-8.0.1763-16.el8_5.12.aarch64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm
noarch: vim-filesystem-8.0.1763-16.el8_5.12.noarch.rpm
ppc64le: vim-X11-8.0.1763-16.el8_5.12.ppc64le.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm
s390x: vim-X11-8.0.1763-16.el8_5.12.s390x.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-common-8.0.1763-16.el8_5.12.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm
x86_64: vim-X11-8.0.1763-16.el8_5.12.x86_64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: vim-8.0.1763-16.el8_5.12.src.rpm
aarch64: vim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm
ppc64le: vim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm
s390x: vim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm
x86_64: vim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-0261 https://access.redhat.com/security/cve/CVE-2022-0318 https://access.redhat.com/security/cve/CVE-2022-0359 https://access.redhat.com/security/cve/CVE-2022-0361 https://access.redhat.com/security/cve/CVE-2022-0392 https://access.redhat.com/security/cve/CVE-2022-0413 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation
- This update provides security fixes, bug fixes, and updates the container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/
Security updates:
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
-
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
-
imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
Related bugs:
-
RHACM 2.4.3 image files (BZ #2057249)
-
Observability - dashboard name contains
/would cause error when generating dashboard cm (BZ #2032128) -
ACM application placement fails after renaming the application name (BZ
2033051)
-
Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)
-
Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)
-
The value of name label changed from clusterclaim name to cluster name (BZ #2042223)
-
VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ
2048500)
-
clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)
-
Application cluster status is not updated in UI after restoring (BZ
2053279)
-
OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)
-
The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)
-
Subscriptions stop reconciling after channel secrets are recreated (BZ
2059954)
-
Placementrule is not reconciling on a new fresh environment (BZ #2074156)
-
The cluster claimed from clusterpool cannot auto imported (BZ #2074543)
-
Bugs fixed (https://bugzilla.redhat.com/):
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm
2033051 - ACM application placement fails after renaming the application name
2039197 - disable the obs metric collect should not impact the managed cluster upgrade
2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard
2042223 - the value of name label changed from clusterclaim name to cluster name
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053279 - Application cluster status is not updated in UI after restoring
2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+
2057249 - RHACM 2.4.3 images
2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift
2059954 - Subscriptions stop reconciling after channel secrets are recreated
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path
2074156 - Placementrule is not reconciling on a new fresh environment
2074543 - The cluster claimed from clusterpool can not auto imported
- See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security updates:
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
Bug fix:
-
RHACM 2.3.8 images (Bugzilla #2062316)
-
Bugs fixed (https://bugzilla.redhat.com/):
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0355",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4214"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0359"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
}
],
"trust": 0.7
},
"cve": "CVE-2022-0359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0359",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-413342",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0359",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0359",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0359",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0359",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-413342",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413342"
},
{
"db": "NVD",
"id": "CVE-2022-0359"
},
{
"db": "NVD",
"id": "CVE-2022-0359"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: Limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* golang: debug/macho: Invalid dynamic symbol table command can cause panic\n(CVE-2021-41771)\n\n* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)\n\n* golang: syscall: Don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040378 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [backend]\n2057516 - [MTC UI] UI should not allow PVC mapping for Full migration\n2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans\n2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository\n2061347 - [MTC] Log reader pod is missing velero and restic pod logs. \n2061653 - [MTC UI] Migration Resources section showing pods from other namespaces\n2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. \n2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)\n2071000 - Storage Conversion: UI doesn\u0027t have the ability to skip PVC\n2072036 - Migration plan for storage conversion cannot be created if there\u0027s no replication repository\n2072186 - Wrong migration type description\n2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration\n2073496 - Errors in rsync pod creation are not printed in the controller logs\n2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: vim security update\nAdvisory ID: RHSA-2022:0894-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0894\nIssue date: 2022-03-15\nCVE Names: CVE-2022-0261 CVE-2022-0318 CVE-2022-0359\n CVE-2022-0361 CVE-2022-0392 CVE-2022-0413\n====================================================================\n1. Summary:\n\nAn update for vim is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nVim (Vi IMproved) is an updated and improved version of the vi editor. \n\nSecurity Fix(es):\n\n* vim: Heap-based buffer overflow in block_insert() in src/ops.c\n(CVE-2022-0261)\n\n* vim: Heap-based buffer overflow in utf_head_off() in mbyte.c\n(CVE-2022-0318)\n\n* vim: Heap-based buffer overflow in init_ccline() in ex_getln.c\n(CVE-2022-0359)\n\n* vim: Illegal memory access when copying lines in visual mode leads to\nheap buffer overflow (CVE-2022-0361)\n\n* vim: Heap-based buffer overflow in getexmodeline() in ex_getln.c\n(CVE-2022-0392)\n\n* vim: Use after free in src/ex_cmds.c (CVE-2022-0413)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nvim-X11-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-common-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-enhanced-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\n\nnoarch:\nvim-filesystem-8.0.1763-16.el8_5.12.noarch.rpm\n\nppc64le:\nvim-X11-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-common-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-enhanced-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\n\ns390x:\nvim-X11-8.0.1763-16.el8_5.12.s390x.rpm\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-common-8.0.1763-16.el8_5.12.s390x.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm\nvim-enhanced-8.0.1763-16.el8_5.12.s390x.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\n\nx86_64:\nvim-X11-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-common-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-enhanced-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nvim-8.0.1763-16.el8_5.12.src.rpm\n\naarch64:\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-minimal-8.0.1763-16.el8_5.12.aarch64.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm\n\nppc64le:\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-minimal-8.0.1763-16.el8_5.12.ppc64le.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm\n\ns390x:\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\nvim-minimal-8.0.1763-16.el8_5.12.s390x.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm\n\nx86_64:\nvim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-minimal-8.0.1763-16.el8_5.12.x86_64.rpm\nvim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-0261\nhttps://access.redhat.com/security/cve/CVE-2022-0318\nhttps://access.redhat.com/security/cve/CVE-2022-0359\nhttps://access.redhat.com/security/cve/CVE-2022-0361\nhttps://access.redhat.com/security/cve/CVE-2022-0392\nhttps://access.redhat.com/security/cve/CVE-2022-0413\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. This update provides security fixes, bug\nfixes, and updates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0359"
},
{
"db": "VULHUB",
"id": "VHN-413342"
},
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169561"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-413342",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413342"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0359",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "166976",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166431",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166433",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166323",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166516",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167368",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-413342",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166789",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166812",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413342"
},
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "NVD",
"id": "CVE-2022-0359"
}
]
},
"id": "VAR-202201-0355",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413342"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T19:42:50.923000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413342"
},
{
"db": "NVD",
"id": "CVE-2022-0359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.1,
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.1,
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4154"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0847"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0516"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24731"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24730"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1025"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0144"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41772"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22817"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1396"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1083"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413342"
},
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "NVD",
"id": "CVE-2022-0359"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413342"
},
{
"db": "PACKETSTORM",
"id": "166976"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166323"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "NVD",
"id": "CVE-2022-0359"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-413342"
},
{
"date": "2022-05-05T17:35:22",
"db": "PACKETSTORM",
"id": "166976"
},
{
"date": "2022-04-20T15:12:33",
"db": "PACKETSTORM",
"id": "166789"
},
{
"date": "2022-03-15T15:50:42",
"db": "PACKETSTORM",
"id": "166323"
},
{
"date": "2022-03-24T14:34:35",
"db": "PACKETSTORM",
"id": "166431"
},
{
"date": "2022-03-24T14:36:50",
"db": "PACKETSTORM",
"id": "166433"
},
{
"date": "2022-04-21T15:12:25",
"db": "PACKETSTORM",
"id": "166812"
},
{
"date": "2022-03-29T15:53:19",
"db": "PACKETSTORM",
"id": "166516"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-01-26T12:15:08.030000",
"db": "NVD",
"id": "CVE-2022-0359"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-413342"
},
{
"date": "2024-11-21T06:38:27.263000",
"db": "NVD",
"id": "CVE-2022-0359"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2022-1734-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "166976"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, spoof, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "PACKETSTORM",
"id": "169561"
}
],
"trust": 0.2
}
}
var-202205-1405
Vulnerability from variot
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Galaxy Kylin desktop operating system is a domestic operating system. There is a binary vulnerability in the Galaxy Kylin desktop operating system, which can be exploited by attackers to cause the program to crash. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4974"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1769",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2022-1769",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-422626",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1769",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1769",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1769",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1769",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1769",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1769",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3583",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422626",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1769",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Galaxy Kylin desktop operating system is a domestic operating system. There is a binary vulnerability in the Galaxy Kylin desktop operating system, which can be exploited by attackers to cause the program to crash. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1769",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022052522",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-45460",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-422626",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1769",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"id": "VAR-202205-1405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:28:39.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=194285"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1769"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qkix5hykwxwg6qbcpptpq53gnofhsais/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qkix5hykwxwg6qbcpptpq53gnofhsais/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1769/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-38414"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-422626"
},
{
"date": "2022-05-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"date": "2022-05-17T17:15:08.153000",
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-422626"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"date": "2023-08-17T07:45:00",
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"date": "2024-11-21T06:41:25.697000",
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
}
],
"trust": 0.6
}
}
var-202205-1544
Vulnerability from variot
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. vim/vim Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1544",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4969"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"db": "NVD",
"id": "CVE-2022-1735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1735",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-422499",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1735",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1735",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1735",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1735",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1735",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1735",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3602",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422499",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1735",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422499"
},
{
"db": "VULMON",
"id": "CVE-2022-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3602"
},
{
"db": "NVD",
"id": "CVE-2022-1735"
},
{
"db": "NVD",
"id": "CVE-2022-1735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. vim/vim Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"db": "VULHUB",
"id": "VHN-422499"
},
{
"db": "VULMON",
"id": "CVE-2022-1735"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1735",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010790",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022052017",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022063027",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3602",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422499",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422499"
},
{
"db": "VULMON",
"id": "CVE-2022-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3602"
},
{
"db": "NVD",
"id": "CVE-2022-1735"
}
]
},
"id": "VAR-202205-1544",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422499"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:50:13.361000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97"
},
{
"title": "Vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=194116"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1735"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3602"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422499"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"db": "NVD",
"id": "CVE-2022-1735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022063027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1735/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-changed-common-38611"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052017"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422499"
},
{
"db": "VULMON",
"id": "CVE-2022-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3602"
},
{
"db": "NVD",
"id": "CVE-2022-1735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422499"
},
{
"db": "VULMON",
"id": "CVE-2022-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3602"
},
{
"db": "NVD",
"id": "CVE-2022-1735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-422499"
},
{
"date": "2022-05-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1735"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3602"
},
{
"date": "2022-05-17T19:15:08.150000",
"db": "NVD",
"id": "CVE-2022-1735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-422499"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1735"
},
{
"date": "2023-08-17T05:42:00",
"db": "JVNDB",
"id": "JVNDB-2022-010790"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3602"
},
{
"date": "2024-11-21T06:41:21.320000",
"db": "NVD",
"id": "CVE-2022-1735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3602"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010790"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3602"
}
],
"trust": 0.6
}
}
var-202202-0148
Vulnerability from variot
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. vim/vim Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. No detailed vulnerability details were provided at this time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4418"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0685",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0685",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-415357",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0685",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0685",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0685",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0685",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0685",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0685",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1663",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415357",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0685",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. vim/vim Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. No detailed vulnerability details were provided at this time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0685",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-13206",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415357",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0685",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"id": "VAR-202202-0148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:58:19.040000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "crash\u00a0when\u00a0using\u00a0special\u00a0multi-byte\u00a0character Apple Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183678"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0685"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-823",
"trust": 1.1
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-vim-isupper-37655"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0685/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169561/apple-security-advisory-2022-10-27-5.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/823.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1771.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-415357"
},
{
"date": "2022-02-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"date": "2023-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"date": "2022-02-20T11:15:07.373000",
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-415357"
},
{
"date": "2022-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"date": "2023-06-19T04:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"date": "2024-11-21T06:39:10.937000",
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
}
],
"trust": 0.6
}
}
var-202205-2077
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-2077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5043"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1942",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1942",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423661",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1942",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1942",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1942",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1942",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1942",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-4308",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423661",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1942",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1942",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022070807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3347",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-50689",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-423661",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1942",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"id": "VAR-202205-2077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:17:29.675000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=195410"
},
{
"title": "Ubuntu Security Notice: USN-5507-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5507-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1942"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-buflist-getfile-38517"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070807"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1942/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3347"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5507-1"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-423661"
},
{
"date": "2022-05-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"date": "2023-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"date": "2022-05-31T14:15:07.833000",
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-423661"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"date": "2023-08-24T00:55:00",
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"date": "2024-11-21T06:41:48.150000",
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
}
],
"trust": 0.6
}
}
var-202202-0008
Vulnerability from variot
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-6195-1 July 03, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0128)
It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0156)
It was discovered that Vim contained a heap-based buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0158)
It was discovered that Vim did not properly manage memory when recording and using select mode. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0393)
It was discovered that Vim incorrectly handled certain memory operations during a visual block yank. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. An attacker could possible use this issue to cause a denial of service. (CVE-2022-0696)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.9 vim-athena 2:8.2.3995-1ubuntu2.9 vim-gtk3 2:8.2.3995-1ubuntu2.9 vim-nox 2:8.2.3995-1ubuntu2.9 vim-tiny 2:8.2.3995-1ubuntu2.9 xxd 2:8.2.3995-1ubuntu2.9
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6195-1 CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0393, CVE-2022-0407, CVE-2022-0696
Package Information: https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4428"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "173275"
}
],
"trust": 0.1
},
"cve": "CVE-2022-0696",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0696",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-415375",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0696",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0696",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-0696",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0696",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0696",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0696",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1716",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-415375",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0696",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-6195-1\nJuly 03, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim contained an out-of-bounds read vulnerability. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0128)\n\nIt was discovered that Vim did not properly manage memory when freeing\nallocated memory. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0156)\n\nIt was discovered that Vim contained a heap-based buffer overflow\nvulnerability. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. (CVE-2022-0158)\n\nIt was discovered that Vim did not properly manage memory when recording\nand using select mode. An attacker could possibly use this issue to cause\na denial of service. (CVE-2022-0393)\n\nIt was discovered that Vim incorrectly handled certain memory operations\nduring a visual block yank. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. An attacker could possible use this\nissue to cause a denial of service. (CVE-2022-0696)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.9\n vim-athena 2:8.2.3995-1ubuntu2.9\n vim-gtk3 2:8.2.3995-1ubuntu2.9\n vim-nox 2:8.2.3995-1ubuntu2.9\n vim-tiny 2:8.2.3995-1ubuntu2.9\n xxd 2:8.2.3995-1ubuntu2.9\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6195-1\n CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0393,\n CVE-2022-0407, CVE-2022-0696\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "PACKETSTORM",
"id": "173275"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0696",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3782",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-415375",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0696",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"id": "VAR-202202-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:54:02.537000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"title": "Vim Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184791"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0696"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-null-pointer-dereference-via-get-user-var-name-37654"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0696/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-0696"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3782"
},
{
"trust": 0.2,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1771.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6195-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-415375"
},
{
"date": "2022-02-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"date": "2023-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"date": "2023-07-04T01:10:12",
"db": "PACKETSTORM",
"id": "173275"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"date": "2022-02-21T20:15:08.230000",
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-415375"
},
{
"date": "2022-03-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"date": "2023-06-26T02:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"date": "2024-11-21T06:39:12.430000",
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
}
],
"trust": 0.6
}
}
var-202205-0881
Vulnerability from variot
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint
2042652 - Unable to deploy hw-event-proxy operator
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047308 - Remove metrics and events for master port offsets
2055049 - No pre-caching for NFD images
2055436 - nfd-master tracking the wrong api group
2055439 - nfd-master tracking the wrong api group (operand)
2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules
2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag
2062849 - hw event proxy is not binding on ipv6 local address
2066860 - Wrong spec in NFD documentation under operand
2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2067312 - PPT event source is lost when received by the consumer
2077243 - NFD os release label lost after upgrade to ocp 4.10.6
2087511 - NFD SkipRange is wrong causing OLM install problems
2089962 - Node feature Discovery operator installation failed.
2090774 - Add Readme to plugin directory
2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- Summary:
The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Bug Fix(es):
-
Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216)
-
[MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] (BZ#2091965)
-
MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step (BZ#2099856)
-
Correct DNS validation for destination namespace (BZ#2102231)
-
Deselecting all pvcs from UI still results in an attempted PVC transfer (BZ#2106073)
-
Bugs fixed (https://bugzilla.redhat.com/):
2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2082216 - Velero and Restic are using incorrect SCCs [OADP-BL] 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2091965 - [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] 2099856 - MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step 2102231 - Correct DNS validation for destination namespace 2106073 - Deselecting all pvcs from UI still results in an attempted PVC transfer
- JIRA issues fixed (https://issues.jboss.org/):
MIG-1155 - Update to newer ansible runner image for hooks MIG-1242 - Must set upper bound on OADP dep to prevent jump to 1.1 MIG-1254 - Investigate impact of deprecated Docker V2 Schema 1 for MTC on OCP3.11
- Description:
Release osp-director-operator images
Security Fix(es):
- go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)
- go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)
- go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)
- go-getter: command injection vulnerability [Important] (CVE-2022-26945)
- golang.org/x/crypto: empty plaintext packet causes panic [Moderate] (CVE-2021-43565)
-
containerd: insufficiently restricted permissions on container root and plugin directories [Moderate] (CVE-2021-41103)
-
Solution:
OSP 16.2 Release - OSP Director Operator Containers tech preview
- Bugs fixed (https://bugzilla.redhat.com/):
2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability
- Bugs fixed (https://bugzilla.redhat.com/):
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2536 - Setting up ODF S3 for loki
LOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated.
LOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator
LOG-2762 - [release-5.4]Events and CLO csv are not collected after running oc adm must-gather --image=$downstream-clo-image
LOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with 'http'
LOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards.
LOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle.
LOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
-
vim: heap buffer overflow (CVE-2022-1621)
-
vim: buffer over-read (CVE-2022-1629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2083924 - CVE-2022-1621 vim: heap buffer overflow 2083931 - CVE-2022-1629 vim: buffer over-read
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update Advisory ID: RHSA-2022:6526-01 Product: cnv Advisory URL: https://access.redhat.com/errata/RHSA-2022:6526 Issue date: 2022-09-14 CVE Names: CVE-2018-25032 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-13435 CVE-2020-14155 CVE-2020-17541 CVE-2020-24370 CVE-2020-35492 CVE-2021-3580 CVE-2021-3634 CVE-2021-3737 CVE-2021-4115 CVE-2021-4189 CVE-2021-20231 CVE-2021-20232 CVE-2021-23177 CVE-2021-25219 CVE-2021-31535 CVE-2021-31566 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-38185 CVE-2021-38561 CVE-2021-40528 CVE-2021-43527 CVE-2021-44716 CVE-2021-44717 CVE-2022-0778 CVE-2022-1271 CVE-2022-1292 CVE-2022-1621 CVE-2022-1629 CVE-2022-1798 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24407 CVE-2022-24675 CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-27191 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-29824 ==================================================================== 1. Summary:
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11 ==============hostpath-provisioner-container-v4.11.0-21 kubevirt-tekton-tasks-operator-container-v4.11.0-29 kubevirt-template-validator-container-v4.11.0-17 bridge-marker-container-v4.11.0-26 hostpath-csi-driver-container-v4.11.0-21 cluster-network-addons-operator-container-v4.11.0-26 ovs-cni-marker-container-v4.11.0-26 virtio-win-container-v4.11.0-16 ovs-cni-plugin-container-v4.11.0-26 kubemacpool-container-v4.11.0-26 hostpath-provisioner-operator-container-v4.11.0-24 cnv-containernetworking-plugins-container-v4.11.0-26 kubevirt-ssp-operator-container-v4.11.0-54 virt-cdi-uploadserver-container-v4.11.0-59 virt-cdi-cloner-container-v4.11.0-59 virt-cdi-operator-container-v4.11.0-59 virt-cdi-importer-container-v4.11.0-59 virt-cdi-uploadproxy-container-v4.11.0-59 virt-cdi-controller-container-v4.11.0-59 virt-cdi-apiserver-container-v4.11.0-59 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7 kubevirt-tekton-tasks-copy-template-container-v4.11.0-7 checkup-framework-container-v4.11.0-67 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7 vm-network-latency-checkup-container-v4.11.0-67 kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7 hyperconverged-cluster-webhook-container-v4.11.0-95 cnv-must-gather-container-v4.11.0-62 hyperconverged-cluster-operator-container-v4.11.0-95 kubevirt-console-plugin-container-v4.11.0-83 virt-controller-container-v4.11.0-105 virt-handler-container-v4.11.0-105 virt-operator-container-v4.11.0-105 virt-launcher-container-v4.11.0-105 virt-artifacts-server-container-v4.11.0-105 virt-api-container-v4.11.0-105 libguestfs-tools-container-v4.11.0-105 hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
-
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
-
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
-
golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1937609 - VM cannot be restarted
1945593 - Live migration should be blocked for VMs with host devices
1968514 - [RFE] Add cancel migration action to virtctl
1993109 - CNV MacOS Client not signed
1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side
2001385 - no "name" label in virt-operator pod
2009793 - KBase to clarify nested support status is missing
2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate
2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)
2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation
2026357 - Migration in sequence can be reported as failed even when it succeeded
2029349 - cluster-network-addons-operator does not serve metrics through HTTPS
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2031857 - Add annotation for URL to download the image
2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2035344 - kubemacpool-mac-controller-manager not ready
2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered
2039976 - Pod stuck in "Terminating" state when removing VM with kernel boot and container disks
2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI
2041467 - [SSP] Support custom DataImportCron creating in custom namespaces
2042402 - LiveMigration with postcopy misbehave when failure occurs
2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists
2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?
2051899 - 4.11.0 containers
2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn't configure ip nat rules
2052466 - Event does not include reason for inability to live migrate
2052689 - Overhead Memory consumption calculations are incorrect
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2056467 - virt-template-validator pods getting scheduled on the same node
2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long
2057310 - qemu-guest-agent does not report information due to selinux denials
2058149 - cluster-network-addons-operator deployment's MULTUS_IMAGE is pointing to brew image
2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs
2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state
2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool
2060585 - [SNO] Failed to find the virt-controller leader pod
2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled.
2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource
2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace
2063792 - No DataImportCron for CentOS 7
2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2064936 - Migration of vm from VMware reports pvc not large enough
2065014 - Feature Highlights in CNV 4.10 contains links to 4.7
2065019 - "Running VMs per template" in the new overview tab counts VMs that are not running
2066768 - [CNV-4.11-HCO] User Cannot List Resource "namespaces" in API group
2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom
2069287 - Two annotations for VM Template provider name
2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2070864 - non-privileged user cannot see catalog tiles
2071488 - "Migrate Node to Node" is confusing.
2071549 - [rhel-9] unable to create a non-root virt-launcher based VM
2071611 - Metrics documentation generators are missing metrics/recording rules
2071921 - Kubevirt RPM is not being built
2073669 - [rhel-9] VM fails to start
2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream
2073982 - [CNV-4.11-RHEL9] 'virtctl' binary fails with 'rc1' with 'virtctl version' command
2074337 - VM created from registry cannot be started
2075200 - VLAN filtering cannot be configured with Intel X710
2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff
2076292 - Upgrade from 4.10.1->4.11 using nightly channel, is not completing with error "could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR"
2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file
2076790 - Alert SSPDown is constantly in Firing state
2076908 - clicking on a template in the Running VMs per Template card leads to 404
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2078700 - Windows template boot source should be blank
2078703 - [RFE] Please hide the user defined password when customizing cloud-init
2078709 - VM conditions column have wrong key/values
2078728 - Common template rootDisk is not named correctly
2079366 - rootdisk is not able to edit
2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM
2079783 - Actions are broken in topology view
2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck
2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod
2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop
2080833 - Missing cloud init script editor in the scripts tab
2080835 - SSH key is set using cloud init script instead of new api
2081182 - VM SSH command generated by UI points at api VIP
2081202 - cloud-init for Windows VM generated with corrupted "undefined" section
2081409 - when viewing a common template details page, user need to see the message "can't edit common template" on all tabs
2081671 - SSH service created outside the UI is not discoverable
2081831 - [RFE] Improve disk hotplug UX
2082008 - LiveMigration fails due to loss of connection to destination host
2082164 - Migration progress timeout expects absolute progress
2082912 - [CNV-4.11] HCO Being Unable to Reconcile State
2083093 - VM overview tab is crashed
2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?
2083100 - Something keeps loading in the ?node selector? modal
2083101 - ?Restore default settings? never become available while editing CPU/Memory
2083135 - VM fails to schedule with vTPM in spec
2083256 - SSP Reconcile logging improvement when CR resources are changed
2083595 - [RFE] Disable VM descheduler if the VM is not live migratable
2084102 - [e2e] Many elements are lacking proper selector like 'data-test-id' or 'data-test'
2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails
2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field
2084431 - User credentials for ssh is not in correct format
2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab.
2084532 - Console is crashed while detaching disk
2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)
2085320 - Tolerations rules is not adding correctly
2085322 - Not able to stop/restart VM if the VM is staying in "Starting"
2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode
2086278 - Cloud init script edit add " hostname='' " when is should not be added
2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode
2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode
2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode
2086294 - [dark mode] Can't see the number inside the donut chart in VMs per template card
2086303 - non-priv user can't create VM when namespace is not selected
2086479 - some modals use ?Save? and some modals use ?Submit?
2086486 - cluster overview getting started card include old information
2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend
2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard
2086803 - When clonnig a template we need to update vm labels and annotaions to match new template
2086825 - VM restore PVC uses exact source PVC request size
2086849 - Create from YAML example is not runnable
2087188 - When VM is stopped - adding disk failed to show
2087189 - When VM is stopped - adding disk failed to show
2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2087546 - "Quick Starts" is missing in Getting started card
2087547 - Activity and Status card are missing in Virtualization Overview
2087559 - template in "VMs per template" should take user to vm list page
2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists
2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?
2087577 - "VMs per template" load time is a bit long
2087578 - Terminology "VM" should be "Virtual Machine" in all places
2087582 - Remove VMI and MTV from the navigation
2087583 - [RFE] Show more info about boot source in template list
2087584 - Template provider should not be mandatory
2087587 - Improve the descriptive text in the kebab menu of template
2087589 - Red icons shows in storage disk source selection without a good reason
2087590 - [REF] "Upload a new file to a PVC" should not open the form in a new tab
2087593 - "Boot method" is not a good name in overview tab
2087603 - Align details card for single VM overview with the design doc
2087616 - align the utilization card of single VM overview with the design
2087701 - [RFE] Missing a link to VMI from running VM details page
2087717 - Message when editing template boot source is wrong
2088034 - Virtualization Overview crashes when a VirtualMachine has no labels
2088355 - disk modal shows all storage classes as default
2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user
2088379 - Create VM from catalog does not respect the storageclass of the template's boot source
2088407 - Missing create button in the template list
2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context
2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11
2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error
2088849 - "dataimportcrontemplate.kubevirt.io/enable" field does not do any validation
2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco
2089271 - Virtualization appears twice in sidebar
2089327 - add network modal crash when no networks available
2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page
2089477 - [RFE] Allow upload source when adding VM disk
2089700 - Drive column in Disks card of Overview page has duplicated values
2089745 - When removing all disks from customize wizard app crashes
2089789 - Add windows drivers disk is missing when template is not windows
2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user
2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages
2089840 - Cant create snapshot if VM is without disks
2089877 - Utilization card on single VM overview - timespan menu lacks 5min option
2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update
2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics
2089954 - Details card on single VM overview - VNC console has grey padding
2089963 - Details card on single VM overview - Operating system info is not available
2089967 - Network Interfaces card on single VM overview - name tooltip lacks info
2089970 - Network Interfaces card on single VM overview - IP tooltip
2089972 - Disks card on single VM overview -typo
2089979 - Single VM Details - CPU|Memory edit icon misplaced
2089982 - Single VM Details - SSH modal has redundant VM name
2090035 - Alert card is missing in single VM overview
2090036 - OS should be "Operating system" and host should be "hostname" in single vm overview
2090037 - Add template link in single vm overview details card
2090038 - The update field under the version in overview should be consistent with the operator page
2090042 - Move the edit button close to the text for "boot order" and "ssh access"
2090043 - "No resource selected" in vm boot order
2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page
2090048 - "Boot mode" should be editable while VM is running
2090054 - Services ?kubernetes" and "openshift" should not be listing in vm details
2090055 - Add link to vm template in vm details page
2090056 - "Something went wrong" shows on VM "Environment" tab
2090057 - "?" icon is too big in environment and disk tab
2090059 - Failed to add configmap in environment tab due to validate error
2090064 - Miss "remote desktop" in console dropdown list for windows VM
2090066 - [RFE] Improve guest login credentials
2090068 - Make the "name" and "Source" column wider in vm disk tab
2090131 - Key's value in "add affinity rule" modal is too small
2090350 - memory leak in virt-launcher process
2091003 - SSH service is not deleted along the VM
2091058 - After VM gets deleted, the user is redirected to a page with a different namespace
2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec.
2091406 - wrong template namespace label when creating a vm with wizard
2091754 - Scheduling and scripts tab should be editable while the VM is running
2091755 - Change bottom "Save" to "Apply" on cloud-init script form
2091756 - The root disk of cloned template should be editable
2091758 - "OS" should be "Operating system" in template filter
2091760 - The provider should be empty if it's not set during cloning
2091761 - Miss "Edit labels" and "Edit annotations" in template kebab button
2091762 - Move notification above the tabs in template details page
2091764 - Clone a template should lead to the template details
2091765 - "Edit bootsource" is keeping in load in template actions dropdown
2091766 - "Are you sure you want to leave this page?" pops up when click the "Templates" link
2091853 - On Snapshot tab of single VM "Restore" button should move to the kebab actions together with the Delete
2091863 - BootSource edit modal should list affected templates
2091868 - Catalog list view has two columns named "BootSource"
2091889 - Devices should be editable for customize template
2091897 - username is missing in the generated ssh command
2091904 - VM is not started if adding "Authorized SSH Key" during vm creation
2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root
2091940 - SSH is not enabled in vm details after restart the VM
2091945 - delete a template should lead to templates list
2091946 - Add disk modal shows wrong units
2091982 - Got a lot of "Reconciler error" in cdi-deployment log after adding custom DataImportCron to hco
2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank
2092052 - Virtualization should be omitted in Calatog breadcrumbs
2092071 - Getting started card in Virtualization overview can not be hidden.
2092079 - Error message stays even when problematic field is dismissed
2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO
2092228 - Ensure Machine Type for new VMs is 8.6
2092230 - [RFE] Add indication/mark to deprecated template
2092306 - VM is stucking with WaitingForVolumeBinding if creating via "Boot from CD"
2092337 - os is empty in VM details page
2092359 - [e2e] data-test-id includes all pvc name
2092654 - [RFE] No obvious way to delete the ssh key from the VM
2092662 - No url example for rhel and windows template
2092663 - no hyperlink for URL example in disk source "url"
2092664 - no hyperlink to the cdi uploadproxy URL
2092781 - Details card should be removed for non admins.
2092783 - Top consumers' card should be removed for non admins.
2092787 - Operators links should be removed from Getting started card
2092789 - "Learn more about Operators" link should lead to the Red Hat documentation
2092951 - ?Edit BootSource? action should have more explicit information when disabled
2093282 - Remove links to 'all-namespaces/' for non-privileged user
2093691 - Creation flow drawer left padding is broken
2093713 - Required fields in creation flow should be highlighted if empty
2093715 - Optional parameters section in creation flow is missing bottom padding
2093716 - CPU|Memory modal button should say "Restore template settings?
2093772 - Add a service in environment it reminds a pending change in boot order
2093773 - Console crashed if adding a service without serial number
2093866 - Cannot create vm from the template vm-template-example
2093867 - OS for template 'vm-template-example' should matching the version of the image
2094202 - Cloud-init username field should have hint
2094207 - Cloud-init password field should have auto-generate option
2094208 - SSH key input is missing validation
2094217 - YAML view should reflect shanges in SSH form
2094222 - "?" icon should be placed after red asterisk in required fields
2094323 - Workload profile should be editable in template details page
2094405 - adding resource on enviornment isnt showing on disks list when vm is running
2094440 - Utilization pie charts figures are not based on current data
2094451 - PVC selection in VM creation flow does not work for non-priv user
2094453 - CD Source selection in VM creation flow is missing Upload option
2094465 - Typo in Source tooltip
2094471 - Node selector modal for non-privileged user
2094481 - Tolerations modal for non-privileged user
2094486 - Add affinity rule modal
2094491 - Affinity rules modal button
2094495 - Descheduler modal has same text in two lines
2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id
2094665 - Dedicated Resources modal for non-privileged user
2094678 - Secrets and ConfigMaps can't be added to Windows VM
2094727 - Creation flow should have VM info in header row
2094807 - hardware devices dropdown has group title even with no devices in cluster
2094813 - Cloudinit password is seen in wizard
2094848 - Details card on Overview page - 'View details' link is missing
2095125 - OS is empty in the clone modal
2095129 - "undefined" appears in rootdisk line in clone modal
2095224 - affinity modal for non-privileged users
2095529 - VM migration cancelation in kebab action should have shorter name
2095530 - Column sizes in VM list view
2095532 - Node column in VM list view is visible to non-privileged user
2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime
2095570 - Details tab of VM should not have Node info for non-privileged user
2095573 - Disks created as environment or scripts should have proper label
2095953 - VNC console controls layout
2095955 - VNC console tabs
2096166 - Template "vm-template-example" is binding with namespace "default"
2096206 - Inconsistent capitalization in Template Actions
2096208 - Templates in the catalog list is not sorted
2096263 - Incorrectly displaying units for Disks size or Memory field in various places
2096333 - virtualization overview, related operators title is not aligned
2096492 - Cannot create vm from a cloned template if its boot source is edited
2096502 - "Restore template settings" should be removed from template CPU editor
2096510 - VM can be created without any disk
2096511 - Template shows "no Boot Source" and label "Source available" at the same time
2096620 - in templates list, edit boot reference kebab action opens a modal with different title
2096781 - Remove boot source provider while edit boot source reference
2096801 - vnc thumbnail in virtual machine overview should be active on page load
2096845 - Windows template's scripts tab is crashed
2097328 - virtctl guestfs shouldn't required uid = 0
2097370 - missing titles for optional parameters in wizard customization page
2097465 - Count is not updating for 'prometheusrule' component when metrics kubevirt_hco_out_of_band_modifications_count executed
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2098134 - "Workload profile" column is not showing completely in template list
2098135 - Workload is not showing correct in catalog after change the template's workload
2098282 - Javascript error when changing boot source of custom template to be an uploaded file
2099443 - No "Quick create virtualmachine" button for template 'vm-template-example'
2099533 - ConsoleQuickStart for HCO CR's VM is missing
2099535 - The cdi-uploadproxy certificate url should be opened in a new tab
2099539 - No storage option for upload while editing a disk
2099566 - Cloudinit should be replaced by cloud-init in all places
2099608 - "DynamicB" shows in vm-example disk size
2099633 - Doc links needs to be updated
2099639 - Remove user line from the ssh command section
2099802 - Details card link shouldn't be hard-coded
2100054 - Windows VM with WSL2 guest fails to migrate
2100284 - Virtualization overview is crashed
2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101485 - Cloudinit should be replaced by cloud-init in all places
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer
2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2102122 - non-priv user cannot load dataSource while edit template's rootdisk
2102124 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2102125 - vm clone modal is displaying DV size instead of PVC size
2102127 - Cannot add NIC to VM template as non-priv user
2102129 - All templates are labeling "source available" in template list page
2102131 - The number of hardware devices is not correct in vm overview tab
2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2102143 - vm clone modal is displaying DV size instead of PVC size
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102543 - Add button moved to right
2102544 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102545 - VM filter has two "Other" checkboxes which are triggered together
2104617 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2106175 - All pages are crashed after visit Virtualization -> Overview
2106258 - All pages are crashed after visit Virtualization -> Overview
2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions
2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111562 - kubevirt plugin console crashed after visit vmi page
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
- References:
https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-17541 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-35492 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4115 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-38185 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-1798 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYyJ8IdzjgjWX9erEAQh2Dw/+M+tknCYULLILonF1TEVyD12Yyo+Pabbt a4YQUX2aFlmhOOaVBRXwDMrIPJi/Mi52+Kh05PE4/q2RndH/UbY/SfmtV70UTgiO gb7r+w86fTMHc8h60G9rYfmuVvqgL1HWg7HImJHxtB5DHFcbwtUmB3/nJ5O2oiGn oQdcr2KWA0UjVqv13VffBdkYRbTREJdF/7+2eJDKvFjNiKZYxNw4tBYxgEGcasU/ W61U+E8VU9uRHwtQOUvsOM8ga+3m/qyV8eov4BjmoEUUJYJeqI7hDhn8/GBtMJgb zKL1F3+PgEVyxoZsIKT3YJTLKJd1JLdIEe05fInlcoDSnNU3WZQhNKDZzusW4Mkg B9mwZAhicKGlUNzpt3qp9clq9j/fH1IjS7PetaEBcpr9xeH8VglDLHmNqoMoNmO8 S74c2v3tl6/VnqsYo+jrLLQHbfwrbxCNi1ROpSzr2CD5E9wcyrRS9IBacZKEMYe1 810o/o7T64G9+7xy/5IkPb4lEb3fKC5huBhwZKTjJJQtl6ojLSLXECFR8+1wQTTi LD0EAKjZhVtaMDJVRCo4jL2e2cdfGHJkeIYRzcqo6EmuFzVZYUrPsqyXzERQ6+r9 ayXDJs6y+3BakK/TZi8H3jkE23POT8OqEOR34bGrcaW1BvAEG0GejXh4qEJmzhlg Jpmb+NWHfF0VHM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0881",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4925"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
}
],
"trust": 0.7
},
"cve": "CVE-2022-1629",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1629",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-419742",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1629",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1629",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1629",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1629",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1629",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1629",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2825",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419742",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint\n2042652 - Unable to deploy hw-event-proxy operator\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047308 - Remove metrics and events for master port offsets\n2055049 - No pre-caching for NFD images\n2055436 - nfd-master tracking the wrong api group\n2055439 - nfd-master tracking the wrong api group (operand)\n2057569 - nfd-worker: drop \u0027custom-\u0027 prefix from matchFeatures custom rules\n2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag\n2062849 - hw event proxy is not binding on ipv6 local address\n2066860 - Wrong spec in NFD documentation under `operand`\n2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2067312 - PPT event source is lost when received by the consumer\n2077243 - NFD os release label lost after upgrade to ocp 4.10.6\n2087511 - NFD SkipRange is wrong causing OLM install problems\n2089962 - Node feature Discovery operator installation failed. \n2090774 - Add Readme to plugin directory\n2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nBug Fix(es):\n\n* Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216)\n\n* [MTC] Migrations gets stuck at StageBackup stage for indirect runs\n[OADP-BL] (BZ#2091965)\n\n* MTC: 1.7.1 on OCP 4.6: UI is stuck in \"Discovering persistent volumes\nattached to source projects\" step (BZ#2099856)\n\n* Correct DNS validation for destination namespace (BZ#2102231)\n\n* Deselecting all pvcs from UI still results in an attempted PVC transfer\n(BZ#2106073)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2082216 - Velero and Restic are using incorrect SCCs [OADP-BL]\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2091965 - [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL]\n2099856 - MTC: 1.7.1 on OCP 4.6: UI is stuck in \"Discovering persistent volumes attached to source projects\" step\n2102231 - Correct DNS validation for destination namespace\n2106073 - Deselecting all pvcs from UI still results in an attempted PVC transfer\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nMIG-1155 - Update to newer ansible runner image for hooks\nMIG-1242 - Must set upper bound on OADP dep to prevent jump to 1.1\nMIG-1254 - Investigate impact of deprecated Docker V2 Schema 1 for MTC on OCP3.11\n\n6. Description:\n\nRelease osp-director-operator images\n\nSecurity Fix(es):\n\n* go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)\n* go-getter: command injection vulnerability [Important] (CVE-2022-26945)\n* golang.org/x/crypto: empty plaintext packet causes panic [Moderate]\n(CVE-2021-43565)\n* containerd: insufficiently restricted permissions on container root and\nplugin directories [Moderate] (CVE-2021-41103)\n\n3. Solution:\n\nOSP 16.2 Release - OSP Director Operator Containers tech preview\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)\n2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)\n2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)\n2092928 - CVE-2022-26945 go-getter: command injection vulnerability\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2536 - Setting up ODF S3 for loki\nLOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator\nLOG-2762 - [release-5.4]Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `\nLOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with \u0027http\u0027\nLOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows \"active_primary\" instead of \"active\" shards. \nLOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle. \nLOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nVim (Vi IMproved) is an updated and improved version of the vi editor. \n\nSecurity Fix(es):\n\n* vim: heap buffer overflow (CVE-2022-1621)\n\n* vim: buffer over-read (CVE-2022-1629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2083924 - CVE-2022-1621 vim: heap buffer overflow\n2083931 - CVE-2022-1629 vim: buffer over-read\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update\nAdvisory ID: RHSA-2022:6526-01\nProduct: cnv\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6526\nIssue date: 2022-09-14\nCVE Names: CVE-2018-25032 CVE-2019-5827 CVE-2019-13750\n CVE-2019-13751 CVE-2019-17594 CVE-2019-17595\n CVE-2019-18218 CVE-2019-19603 CVE-2019-20838\n CVE-2020-13435 CVE-2020-14155 CVE-2020-17541\n CVE-2020-24370 CVE-2020-35492 CVE-2021-3580\n CVE-2021-3634 CVE-2021-3737 CVE-2021-4115\n CVE-2021-4189 CVE-2021-20231 CVE-2021-20232\n CVE-2021-23177 CVE-2021-25219 CVE-2021-31535\n CVE-2021-31566 CVE-2021-36084 CVE-2021-36085\n CVE-2021-36086 CVE-2021-36087 CVE-2021-38185\n CVE-2021-38561 CVE-2021-40528 CVE-2021-43527\n CVE-2021-44716 CVE-2021-44717 CVE-2022-0778\n CVE-2022-1271 CVE-2022-1292 CVE-2022-1621\n CVE-2022-1629 CVE-2022-1798 CVE-2022-2068\n CVE-2022-2097 CVE-2022-21698 CVE-2022-22576\n CVE-2022-23772 CVE-2022-23773 CVE-2022-23806\n CVE-2022-24407 CVE-2022-24675 CVE-2022-24921\n CVE-2022-25313 CVE-2022-25314 CVE-2022-27191\n CVE-2022-27774 CVE-2022-27776 CVE-2022-27782\n CVE-2022-28327 CVE-2022-29824\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Virtualization release 4.11.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nThis advisory contains the following OpenShift Virtualization 4.11.0\nimages:\n\nRHEL-8-CNV-4.11\n==============hostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression\n(CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar\n(CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937609 - VM cannot be restarted\n1945593 - Live migration should be blocked for VMs with host devices\n1968514 - [RFE] Add cancel migration action to virtctl\n1993109 - CNV MacOS Client not signed\n1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side\n2001385 - no \"name\" label in virt-operator pod\n2009793 - KBase to clarify nested support status is missing\n2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate\n2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)\n2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation\n2026357 - Migration in sequence can be reported as failed even when it succeeded\n2029349 - cluster-network-addons-operator does not serve metrics through HTTPS\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2031857 - Add annotation for URL to download the image\n2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2035344 - kubemacpool-mac-controller-manager not ready\n2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered\n2039976 - Pod stuck in \"Terminating\" state when removing VM with kernel boot and container disks\n2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI\n2041467 - [SSP] Support custom DataImportCron creating in custom namespaces\n2042402 - LiveMigration with postcopy misbehave when failure occurs\n2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists\n2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?\n2051899 - 4.11.0 containers\n2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn\u0027t configure ip nat rules\n2052466 - Event does not include reason for inability to live migrate\n2052689 - Overhead Memory consumption calculations are incorrect\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2056467 - virt-template-validator pods getting scheduled on the same node\n2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long\n2057310 - qemu-guest-agent does not report information due to selinux denials\n2058149 - cluster-network-addons-operator deployment\u0027s MULTUS_IMAGE is pointing to brew image\n2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs\n2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state\n2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool\n2060585 - [SNO] Failed to find the virt-controller leader pod\n2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled. \n2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource\n2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace\n2063792 - No DataImportCron for CentOS 7\n2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2064936 - Migration of vm from VMware reports pvc not large enough\n2065014 - Feature Highlights in CNV 4.10 contains links to 4.7\n2065019 - \"Running VMs per template\" in the new overview tab counts VMs that are not running\n2066768 - [CNV-4.11-HCO] User Cannot List Resource \"namespaces\" in API group\n2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom\n2069287 - Two annotations for VM Template provider name\n2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2070864 - non-privileged user cannot see catalog tiles\n2071488 - \"Migrate Node to Node\" is confusing. \n2071549 - [rhel-9] unable to create a non-root virt-launcher based VM\n2071611 - Metrics documentation generators are missing metrics/recording rules\n2071921 - Kubevirt RPM is not being built\n2073669 - [rhel-9] VM fails to start\n2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream\n2073982 - [CNV-4.11-RHEL9] \u0027virtctl\u0027 binary fails with \u0027rc1\u0027 with \u0027virtctl version\u0027 command\n2074337 - VM created from registry cannot be started\n2075200 - VLAN filtering cannot be configured with Intel X710\n2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff\n2076292 - Upgrade from 4.10.1-\u003e4.11 using nightly channel, is not completing with error \"could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR\"\n2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file\n2076790 - Alert SSPDown is constantly in Firing state\n2076908 - clicking on a template in the Running VMs per Template card leads to 404\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2078700 - Windows template boot source should be blank\n2078703 - [RFE] Please hide the user defined password when customizing cloud-init\n2078709 - VM conditions column have wrong key/values\n2078728 - Common template rootDisk is not named correctly\n2079366 - rootdisk is not able to edit\n2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM\n2079783 - Actions are broken in topology view\n2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck\n2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod\n2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop\n2080833 - Missing cloud init script editor in the scripts tab\n2080835 - SSH key is set using cloud init script instead of new api\n2081182 - VM SSH command generated by UI points at api VIP\n2081202 - cloud-init for Windows VM generated with corrupted \"undefined\" section\n2081409 - when viewing a common template details page, user need to see the message \"can\u0027t edit common template\" on all tabs\n2081671 - SSH service created outside the UI is not discoverable\n2081831 - [RFE] Improve disk hotplug UX\n2082008 - LiveMigration fails due to loss of connection to destination host\n2082164 - Migration progress timeout expects absolute progress\n2082912 - [CNV-4.11] HCO Being Unable to Reconcile State\n2083093 - VM overview tab is crashed\n2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?\n2083100 - Something keeps loading in the ?node selector? modal\n2083101 - ?Restore default settings? never become available while editing CPU/Memory\n2083135 - VM fails to schedule with vTPM in spec\n2083256 - SSP Reconcile logging improvement when CR resources are changed\n2083595 - [RFE] Disable VM descheduler if the VM is not live migratable\n2084102 - [e2e] Many elements are lacking proper selector like \u0027data-test-id\u0027 or \u0027data-test\u0027\n2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails\n2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field\n2084431 - User credentials for ssh is not in correct format\n2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab. \n2084532 - Console is crashed while detaching disk\n2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)\n2085320 - Tolerations rules is not adding correctly\n2085322 - Not able to stop/restart VM if the VM is staying in \"Starting\"\n2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode\n2086278 - Cloud init script edit add \" hostname=\u0027\u0027 \" when is should not be added\n2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode\n2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode\n2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode\n2086294 - [dark mode] Can\u0027t see the number inside the donut chart in VMs per template card\n2086303 - non-priv user can\u0027t create VM when namespace is not selected\n2086479 - some modals use ?Save? and some modals use ?Submit?\n2086486 - cluster overview getting started card include old information\n2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend\n2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard\n2086803 - When clonnig a template we need to update vm labels and annotaions to match new template\n2086825 - VM restore PVC uses exact source PVC request size\n2086849 - Create from YAML example is not runnable\n2087188 - When VM is stopped - adding disk failed to show\n2087189 - When VM is stopped - adding disk failed to show\n2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2087546 - \"Quick Starts\" is missing in Getting started card\n2087547 - Activity and Status card are missing in Virtualization Overview\n2087559 - template in \"VMs per template\" should take user to vm list page\n2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists\n2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?\n2087577 - \"VMs per template\" load time is a bit long\n2087578 - Terminology \"VM\" should be \"Virtual Machine\" in all places\n2087582 - Remove VMI and MTV from the navigation\n2087583 - [RFE] Show more info about boot source in template list\n2087584 - Template provider should not be mandatory\n2087587 - Improve the descriptive text in the kebab menu of template\n2087589 - Red icons shows in storage disk source selection without a good reason\n2087590 - [REF] \"Upload a new file to a PVC\" should not open the form in a new tab\n2087593 - \"Boot method\" is not a good name in overview tab\n2087603 - Align details card for single VM overview with the design doc\n2087616 - align the utilization card of single VM overview with the design\n2087701 - [RFE] Missing a link to VMI from running VM details page\n2087717 - Message when editing template boot source is wrong\n2088034 - Virtualization Overview crashes when a VirtualMachine has no labels\n2088355 - disk modal shows all storage classes as default\n2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user\n2088379 - Create VM from catalog does not respect the storageclass of the template\u0027s boot source\n2088407 - Missing create button in the template list\n2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context\n2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11\n2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error\n2088849 - \"dataimportcrontemplate.kubevirt.io/enable\" field does not do any validation\n2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco\n2089271 - Virtualization appears twice in sidebar\n2089327 - add network modal crash when no networks available\n2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page\n2089477 - [RFE] Allow upload source when adding VM disk\n2089700 - Drive column in Disks card of Overview page has duplicated values\n2089745 - When removing all disks from customize wizard app crashes\n2089789 - Add windows drivers disk is missing when template is not windows\n2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user\n2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages\n2089840 - Cant create snapshot if VM is without disks\n2089877 - Utilization card on single VM overview - timespan menu lacks 5min option\n2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update\n2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics\n2089954 - Details card on single VM overview - VNC console has grey padding\n2089963 - Details card on single VM overview - Operating system info is not available\n2089967 - Network Interfaces card on single VM overview - name tooltip lacks info\n2089970 - Network Interfaces card on single VM overview - IP tooltip\n2089972 - Disks card on single VM overview -typo\n2089979 - Single VM Details - CPU|Memory edit icon misplaced\n2089982 - Single VM Details - SSH modal has redundant VM name\n2090035 - Alert card is missing in single VM overview\n2090036 - OS should be \"Operating system\" and host should be \"hostname\" in single vm overview\n2090037 - Add template link in single vm overview details card\n2090038 - The update field under the version in overview should be consistent with the operator page\n2090042 - Move the edit button close to the text for \"boot order\" and \"ssh access\"\n2090043 - \"No resource selected\" in vm boot order\n2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page\n2090048 - \"Boot mode\" should be editable while VM is running\n2090054 - Services ?kubernetes\" and \"openshift\" should not be listing in vm details\n2090055 - Add link to vm template in vm details page\n2090056 - \"Something went wrong\" shows on VM \"Environment\" tab\n2090057 - \"?\" icon is too big in environment and disk tab\n2090059 - Failed to add configmap in environment tab due to validate error\n2090064 - Miss \"remote desktop\" in console dropdown list for windows VM\n2090066 - [RFE] Improve guest login credentials\n2090068 - Make the \"name\" and \"Source\" column wider in vm disk tab\n2090131 - Key\u0027s value in \"add affinity rule\" modal is too small\n2090350 - memory leak in virt-launcher process\n2091003 - SSH service is not deleted along the VM\n2091058 - After VM gets deleted, the user is redirected to a page with a different namespace\n2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec. \n2091406 - wrong template namespace label when creating a vm with wizard\n2091754 - Scheduling and scripts tab should be editable while the VM is running\n2091755 - Change bottom \"Save\" to \"Apply\" on cloud-init script form\n2091756 - The root disk of cloned template should be editable\n2091758 - \"OS\" should be \"Operating system\" in template filter\n2091760 - The provider should be empty if it\u0027s not set during cloning\n2091761 - Miss \"Edit labels\" and \"Edit annotations\" in template kebab button\n2091762 - Move notification above the tabs in template details page\n2091764 - Clone a template should lead to the template details\n2091765 - \"Edit bootsource\" is keeping in load in template actions dropdown\n2091766 - \"Are you sure you want to leave this page?\" pops up when click the \"Templates\" link\n2091853 - On Snapshot tab of single VM \"Restore\" button should move to the kebab actions together with the Delete\n2091863 - BootSource edit modal should list affected templates\n2091868 - Catalog list view has two columns named \"BootSource\"\n2091889 - Devices should be editable for customize template\n2091897 - username is missing in the generated ssh command\n2091904 - VM is not started if adding \"Authorized SSH Key\" during vm creation\n2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root\n2091940 - SSH is not enabled in vm details after restart the VM\n2091945 - delete a template should lead to templates list\n2091946 - Add disk modal shows wrong units\n2091982 - Got a lot of \"Reconciler error\" in cdi-deployment log after adding custom DataImportCron to hco\n2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank\n2092052 - Virtualization should be omitted in Calatog breadcrumbs\n2092071 - Getting started card in Virtualization overview can not be hidden. \n2092079 - Error message stays even when problematic field is dismissed\n2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO\n2092228 - Ensure Machine Type for new VMs is 8.6\n2092230 - [RFE] Add indication/mark to deprecated template\n2092306 - VM is stucking with WaitingForVolumeBinding if creating via \"Boot from CD\"\n2092337 - os is empty in VM details page\n2092359 - [e2e] data-test-id includes all pvc name\n2092654 - [RFE] No obvious way to delete the ssh key from the VM\n2092662 - No url example for rhel and windows template\n2092663 - no hyperlink for URL example in disk source \"url\"\n2092664 - no hyperlink to the cdi uploadproxy URL\n2092781 - Details card should be removed for non admins. \n2092783 - Top consumers\u0027 card should be removed for non admins. \n2092787 - Operators links should be removed from Getting started card\n2092789 - \"Learn more about Operators\" link should lead to the Red Hat documentation\n2092951 - ?Edit BootSource? action should have more explicit information when disabled\n2093282 - Remove links to \u0027all-namespaces/\u0027 for non-privileged user\n2093691 - Creation flow drawer left padding is broken\n2093713 - Required fields in creation flow should be highlighted if empty\n2093715 - Optional parameters section in creation flow is missing bottom padding\n2093716 - CPU|Memory modal button should say \"Restore template settings?\n2093772 - Add a service in environment it reminds a pending change in boot order\n2093773 - Console crashed if adding a service without serial number\n2093866 - Cannot create vm from the template `vm-template-example`\n2093867 - OS for template \u0027vm-template-example\u0027 should matching the version of the image\n2094202 - Cloud-init username field should have hint\n2094207 - Cloud-init password field should have auto-generate option\n2094208 - SSH key input is missing validation\n2094217 - YAML view should reflect shanges in SSH form\n2094222 - \"?\" icon should be placed after red asterisk in required fields\n2094323 - Workload profile should be editable in template details page\n2094405 - adding resource on enviornment isnt showing on disks list when vm is running\n2094440 - Utilization pie charts figures are not based on current data\n2094451 - PVC selection in VM creation flow does not work for non-priv user\n2094453 - CD Source selection in VM creation flow is missing Upload option\n2094465 - Typo in Source tooltip\n2094471 - Node selector modal for non-privileged user\n2094481 - Tolerations modal for non-privileged user\n2094486 - Add affinity rule modal\n2094491 - Affinity rules modal button\n2094495 - Descheduler modal has same text in two lines\n2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id\n2094665 - Dedicated Resources modal for non-privileged user\n2094678 - Secrets and ConfigMaps can\u0027t be added to Windows VM\n2094727 - Creation flow should have VM info in header row\n2094807 - hardware devices dropdown has group title even with no devices in cluster\n2094813 - Cloudinit password is seen in wizard\n2094848 - Details card on Overview page - \u0027View details\u0027 link is missing\n2095125 - OS is empty in the clone modal\n2095129 - \"undefined\" appears in rootdisk line in clone modal\n2095224 - affinity modal for non-privileged users\n2095529 - VM migration cancelation in kebab action should have shorter name\n2095530 - Column sizes in VM list view\n2095532 - Node column in VM list view is visible to non-privileged user\n2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime\n2095570 - Details tab of VM should not have Node info for non-privileged user\n2095573 - Disks created as environment or scripts should have proper label\n2095953 - VNC console controls layout\n2095955 - VNC console tabs\n2096166 - Template \"vm-template-example\" is binding with namespace \"default\"\n2096206 - Inconsistent capitalization in Template Actions\n2096208 - Templates in the catalog list is not sorted\n2096263 - Incorrectly displaying units for Disks size or Memory field in various places\n2096333 - virtualization overview, related operators title is not aligned\n2096492 - Cannot create vm from a cloned template if its boot source is edited\n2096502 - \"Restore template settings\" should be removed from template CPU editor\n2096510 - VM can be created without any disk\n2096511 - Template shows \"no Boot Source\" and label \"Source available\" at the same time\n2096620 - in templates list, edit boot reference kebab action opens a modal with different title\n2096781 - Remove boot source provider while edit boot source reference\n2096801 - vnc thumbnail in virtual machine overview should be active on page load\n2096845 - Windows template\u0027s scripts tab is crashed\n2097328 - virtctl guestfs shouldn\u0027t required uid = 0\n2097370 - missing titles for optional parameters in wizard customization page\n2097465 - Count is not updating for \u0027prometheusrule\u0027 component when metrics kubevirt_hco_out_of_band_modifications_count executed\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2098134 - \"Workload profile\" column is not showing completely in template list\n2098135 - Workload is not showing correct in catalog after change the template\u0027s workload\n2098282 - Javascript error when changing boot source of custom template to be an uploaded file\n2099443 - No \"Quick create virtualmachine\" button for template \u0027vm-template-example\u0027\n2099533 - ConsoleQuickStart for HCO CR\u0027s VM is missing\n2099535 - The cdi-uploadproxy certificate url should be opened in a new tab\n2099539 - No storage option for upload while editing a disk\n2099566 - Cloudinit should be replaced by cloud-init in all places\n2099608 - \"DynamicB\" shows in vm-example disk size\n2099633 - Doc links needs to be updated\n2099639 - Remove user line from the ssh command section\n2099802 - Details card link shouldn\u0027t be hard-coded\n2100054 - Windows VM with WSL2 guest fails to migrate\n2100284 - Virtualization overview is crashed\n2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101485 - Cloudinit should be replaced by cloud-init in all places\n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer\n2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2102122 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2102124 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102127 - Cannot add NIC to VM template as non-priv user\n2102129 - All templates are labeling \"source available\" in template list page\n2102131 - The number of hardware devices is not correct in vm overview tab\n2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2102143 - vm clone modal is displaying DV size instead of PVC size\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102543 - Add button moved to right\n2102544 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102545 - VM filter has two \"Other\" checkboxes which are triggered together\n2104617 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106258 - All pages are crashed after visit Virtualization -\u003e Overview\n2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions\n2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111562 - kubevirt plugin console crashed after visit vmi page\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-17541\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-35492\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3634\nhttps://access.redhat.com/security/cve/CVE-2021-3737\nhttps://access.redhat.com/security/cve/CVE-2021-4115\nhttps://access.redhat.com/security/cve/CVE-2021-4189\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-25219\nhttps://access.redhat.com/security/cve/CVE-2021-31535\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-38185\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2021-43527\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1621\nhttps://access.redhat.com/security/cve/CVE-2022-1629\nhttps://access.redhat.com/security/cve/CVE-2022-1798\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/cve/CVE-2022-24675\nhttps://access.redhat.com/security/cve/CVE-2022-24921\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-28327\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYyJ8IdzjgjWX9erEAQh2Dw/+M+tknCYULLILonF1TEVyD12Yyo+Pabbt\na4YQUX2aFlmhOOaVBRXwDMrIPJi/Mi52+Kh05PE4/q2RndH/UbY/SfmtV70UTgiO\ngb7r+w86fTMHc8h60G9rYfmuVvqgL1HWg7HImJHxtB5DHFcbwtUmB3/nJ5O2oiGn\noQdcr2KWA0UjVqv13VffBdkYRbTREJdF/7+2eJDKvFjNiKZYxNw4tBYxgEGcasU/\nW61U+E8VU9uRHwtQOUvsOM8ga+3m/qyV8eov4BjmoEUUJYJeqI7hDhn8/GBtMJgb\nzKL1F3+PgEVyxoZsIKT3YJTLKJd1JLdIEe05fInlcoDSnNU3WZQhNKDZzusW4Mkg\nB9mwZAhicKGlUNzpt3qp9clq9j/fH1IjS7PetaEBcpr9xeH8VglDLHmNqoMoNmO8\nS74c2v3tl6/VnqsYo+jrLLQHbfwrbxCNi1ROpSzr2CD5E9wcyrRS9IBacZKEMYe1\n810o/o7T64G9+7xy/5IkPb4lEb3fKC5huBhwZKTjJJQtl6ojLSLXECFR8+1wQTTi\nLD0EAKjZhVtaMDJVRCo4jL2e2cdfGHJkeIYRzcqo6EmuFzVZYUrPsqyXzERQ6+r9\nayXDJs6y+3BakK/TZi8H3jkE23POT8OqEOR34bGrcaW1BvAEG0GejXh4qEJmzhlg\nJpmb+NWHfF0VHM\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1629",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "167985",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167778",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167853",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167666",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022071342",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052017",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070109",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022063027",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072127",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4601",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3821",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3977",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3554",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3873",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3644",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167644",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167845",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167838",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167984",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-419742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168036",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167956",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168392",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"id": "VAR-202205-0881",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:27:25.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "trailing\u00a0backslash\u00a0may\u00a0cause\u00a0reading\u00a0past\u00a0end\u00a0of\u00a0line Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193121"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.7,
"url": "https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072631"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3977"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072127"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070642"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071342"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167853/red-hat-security-advisory-2022-5531-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022063027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070109"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-find-next-quote-38391"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3873"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052017"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167985/red-hat-security-advisory-2022-5909-01.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1629/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3226"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3644"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167778/red-hat-security-advisory-2022-5673-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3821"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4601"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4189"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3737"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-25219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28915"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27666"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21541"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21541"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20095"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29162"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1706"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18874"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26945"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30321"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3737"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/containers"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4189"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26945"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30323"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41103"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26691"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-419742"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"date": "2022-08-05T14:52:04",
"db": "PACKETSTORM",
"id": "167985"
},
{
"date": "2022-08-10T15:54:58",
"db": "PACKETSTORM",
"id": "168036"
},
{
"date": "2022-08-04T14:49:41",
"db": "PACKETSTORM",
"id": "167956"
},
{
"date": "2022-07-21T20:26:52",
"db": "PACKETSTORM",
"id": "167778"
},
{
"date": "2022-07-27T17:28:30",
"db": "PACKETSTORM",
"id": "167845"
},
{
"date": "2022-07-01T14:56:38",
"db": "PACKETSTORM",
"id": "167644"
},
{
"date": "2022-09-15T14:20:18",
"db": "PACKETSTORM",
"id": "168392"
},
{
"date": "2022-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"date": "2022-05-10T14:15:08.530000",
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-419742"
},
{
"date": "2023-08-17T04:19:00",
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"date": "2024-11-21T06:41:07.860000",
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
}
],
"trust": 0.6
}
}