When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-07-07
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-07-07
Use After Free in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-06-02
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-05-31
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-05-29
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-05-27
Use After Free in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-27
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-05-25
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVSS Score
6.6
EPSS Score
0.002
Published
2022-05-17
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-05-17