In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-02-14
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
CVSS Score
8.4
EPSS Score
0.003
Published
2022-02-10
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-09
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVSS Score
8.4
EPSS Score
0.0
Published
2022-01-25
Out-of-bounds Read in vim/vim prior to 8.2.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-21
Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVSS Score
6.6
EPSS Score
0.002
Published
2022-01-21
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-01-18
vim is vulnerable to Use After Free
CVSS Score
6.8
EPSS Score
0.001
Published
2022-01-10
vim is vulnerable to Heap-based Buffer Overflow
CVSS Score
6.8
EPSS Score
0.001
Published
2022-01-10
vim is vulnerable to Out-of-bounds Read
CVSS Score
7.1
EPSS Score
0.002
Published
2022-01-06