17 matches found
EUVD-2022-43062
Malicious code in bioql PyPI...
EulerOS Virtualization 2.11.1 : vim (EulerOS-SA-2023-2080)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. CVE-2022-3234 - Use After Free in GitHub repository vim/v...
EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2023-1912)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. CVE-2022-3491 - Heap-based Buffer Overflow in GitHub...
EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2023-1943)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. CVE-2022-3491 - Heap-based Buffer Overflow in GitHub...
EulerOS Virtualization 2.9.1 : vim (EulerOS-SA-2023-1650)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. CVE-2022-3296 - Use After Free in GitHub repository...
Amazon Linux AMI : vim (ALAS-2023-1663)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1663 advisory. - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. CVE-2022-3520 - Use After Free in GitHub repository vim/vim prior to 9.0.0789. CVE-2022-3591 - A vulnerability was foun...
EulerOS 2.0 SP9 : vim (EulerOS-SA-2023-1116)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. CVE-2022-3296 - Use After Free in GitHub repository vim/vim prior to...
SUSE-SU-2022:4631-1 Security update for vim
This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 bsc1206028. - CVE-2022-3520: vim: Heap-based Buffer Overflow bsc1206071. - CVE-2022-3591: vim: Use After Free bsc1206072. - CVE-2022-4292: vim: Use After...
Amazon Linux 2 : vim (ALAS-2022-1902)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1902 advisory. 2024-02-01: CVE-2022-3591 was added to this advisory. 2024-02-01: CVE-2022-3520 was added to this advisory. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. CVE-2022-352...
Denial Of Service (DoS)
vim is vulnerable to denial of service. The vulnerability exists due to the use after free in the qf_update_buffer function of quickfix.c, allowing an attacker to cause an application crash through malicious input...
CVE-2022-3705 vim autocmd quickfix.c qf_update_buffer use after free
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to...
CVE-2022-3705
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to...
Use-After-Free
vim, edge is vulnerable to use-after-free. The vulnerability exists in the qf_fill_buffer function in quickfix.c because user input is not properly sanitized, which allows an attacker to inject and execute malicious code into the system...
Use-After-Free
vim:edge is vulnerable to use-after-free. The vulnerability exists in the get_next_valid_entry function in quickfix.c because vim is using freed memory when the location list is changed in autocmd...
CVE-2022-3016
A heap use-after-free vulnerability was found in vim's get_next_valid_entry function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file,...
CVE-2022-2982
A heap use-after-free vulnerability was found in vim's qf_fill_buffer function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap...
Use After Free in function qf_fill_buffer
Description Use After Free in function qf_fill_buffer at vim/src/quickfix.c:4790 vim version git log commit adce965162dd89bf29ee0e5baf53652e7515762c HEAD - master, tag: v9.0.0246, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc5huaf.dat -c :qa!...