USN-5775-1: Vim vulnerabilities

Read Time:58 Second

It was discovered that Vim uses freed memory in recurisve substitution of
specially crafted patterns. An attacker could possbly use this to crash Vim
and cause denial of service. (CVE-2022-2345)

It was discovered that Vim makes illegal memory calls when patterns start
with an illegal byte. An attacker could possibly use this to crash Vim,
access or modify memory, or execute arbitrary commands. (CVE-2022-2581)

It was discovered that Vim could be made to crash when parsing invalid line
numbers. An attacker could possbly use this to crash Vim and cause denial
of service. (CVE-2022-3099)

It was discovered that Vim uses freed memory when autocmd changes a mark.
An attacker could possbly use this to crash Vim and cause denial of
service. (CVE-2022-3256)

It was discovered the Vim uses an incorrect array index when window width
is negative. A local attacker could possbly use this to crash Vim and cause
denial of service. (CVE-2022-3324)

It was discoverd that certain buffers could be sent to the wrong window. An
attacker with local access could use this to send messages to the wrong
window. (CVE-2022-3591)

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know

USN-7169-5: Linux kernel (Real-time) vulnerabilities

stb-0^20241002git31707d1-4.el9

stb-0^20241002git31707d1-5.el10_0

stb-0^20241002git31707d1-4.fc40

ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

Ivanti Connect Secure Zero-Day Vulnerability