PT-2023-8006 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 0.7.0 through 1.23.2 Description: The issue is related to the JoltTransformJSON Processor in Apache NiFi, which provides an advanced configuration user interface vulnerable to DOM-based cross-site scripting. If an...

SUSE CVE-2023-48233

Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with evaluetoolarge. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit...

SUSE CVE-2023-48234

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has...

SUSE CVE-2023-48236

Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAXINT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit 73b2d379 which...

DEBIAN-CVE-2023-48234

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has...

DEBIAN-CVE-2023-48237

Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This...

DEBIAN-CVE-2023-48235

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONGMAX - lnum will cause the overflow. Impact is low, user interactio...

AZL-32026 CVE-2023-48235 affecting package vim for versions less than 9.0.2112-1

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONGMAX - lnum will cause the overflow. Impact is low, user interactio...

AZL-32027 CVE-2023-48234 affecting package vim for versions less than 9.0.2112-1

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has...

DEBIAN-CVE-2023-48233

Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with evaluetoolarge. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit...

AZL-32010 CVE-2023-48233 affecting package vim for versions less than 9.0.2112-1

Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with evaluetoolarge. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit...

DEBIAN-CVE-2023-48232

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues o...

DEBIAN-CVE-2023-48231

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in release version...

UBUNTU-CVE-2023-48231

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in release version...

UBUNTU-CVE-2023-48236

Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAXINT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit 73b2d379 which...

UBUNTU-CVE-2023-48233

Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with evaluetoolarge. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit...

UBUNTU-CVE-2023-48235

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONGMAX - lnum will cause the overflow. Impact is low, user interactio...

CVE-2023-48234 overflow in nv_z_get_count in vim

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has...

CVE-2023-47112 Authenticated users can view job names and groups they do not have authorization to view in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...

SUSE CVE-2023-47627

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...