Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-4187: patch 8.2.3923: Vim9: double free with split argument list in nested … · vim/vim@4bf1006

vim is vulnerable to Use After Free

CVE

@@ -1669,7 +1669,7 @@ def Test_error_in_nested_function() assert_fails('FuncWithForwardCall()', 'E1096:’, '’, 1, ‘FuncWithForwardCall’) enddef
def Test_nested_functin_with_nextcmd() def Test_nested_function_with_nextcmd() var lines =<< trim END vim9script # Define an outer function @@ -1689,6 +1689,24 @@ def Test_nested_functin_with_nextcmd() CheckScriptFailure(lines, ‘E476: Invalid command: AAAAA’) enddef
def Test_nested_function_with_args_split() var lines =<< trim END vim9script def FirstFunction() def SecondFunction( ) # had a double free if the right parenthesis of the nested function is # on the next line
enddef|BBBB enddef # Compile all functions defcompile END # FIXME: this should fail on the BBBB CheckScriptSuccess(lines) enddef
def Test_return_type_wrong() CheckScriptFailure([ 'def Func(): number’,

Related news

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

Gentoo Linux Security Advisory 202208-32

Gentoo Linux Security Advisory 202208-32 - Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected.

Apple Security Advisory 2022-07-20-4

Apple Security Advisory 2022-07-20-4 - Security Update 2022-005 Catalina addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907