USN-6420-1: Vim vulnerabilities

Read Time:1 Minute, 58 Second

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-3235, CVE-2022-3278,
CVE-2022-3297, CVE-2022-3491)

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-3352, CVE-2022-4292)

It was discovered that Vim incorrectly handled memory when replacing in
virtualedit mode. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, and Ubuntu 22.04 LTS. (CVE-2022-3234)

It was discovered that Vim incorrectly handled memory when autocmd changes
mark. An attacker could possibly use this issue to cause a denial of
service. (CVE-2022-3256)

It was discovered that Vim did not properly perform checks on array index
with negative width window. An attacker could possibly use this issue to
cause a denial of service, or execute arbitrary code. (CVE-2022-3324)

It was discovered that Vim did not properly perform checks on a put command
column with a visual block. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-3520)

It was discovered that Vim incorrectly handled memory when using autocommand
to open a window. An attacker could possibly use this issue to cause a
denial of service. (CVE-2022-3591)

It was discovered that Vim incorrectly handled memory when updating buffer
of the component autocmd handler. An attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-3705)

It was discovered that Vim incorrectly handled floating point comparison
with incorrect operator. An attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 20.04 LTS. and Ubuntu
22.04 LTS. (CVE-2022-4293)

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know

Zero-Day Vulnerability in Ivanti VPN

stb-0^20241002git31707d1-4.el9

stb-0^20241002git31707d1-5.el10_0

stb-0^20241002git31707d1-4.fc40

ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

Ivanti Connect Secure Zero-Day Vulnerability

USN-7198-1: rlottie vulnerabilities