Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:198808
Version
1
Class
patch
ALTXid
417550
Language
English
Severity
Critical
Title
SUSE-SU-2022:4619-1 -- Security update for vim
Description
This update for vim fixes the security issues.
Family
unix
Platform
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP 12
Product
vim
Reference
VENDOR: SUSE-SU-2022:4619-1
Id:
SUSE-SU-2022:4619-1
Reference:
https://www.suse.com/support/update/announcement/2022/SUSE-SU-20224619-1/
CVE: CVE-2009-0316
Id:
CVE-2009-0316
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0316
Comment:
Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305 (MISC)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937 (CONFIRM)
APPLE-SA-2010-03-29-1 (APPLE)
http://support.apple.com/kb/HT4077 (CONFIRM)
MDVSA-2009:047 (MANDRIVA)
[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd (MLIST)
[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) (MLIST)
33447 (BID)
https://bugzilla.redhat.com/show_bug.cgi?id=481565 (CONFIRM)
vim-pysyssetargv-privilege-escalation(48275) (XF)
https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045 (CONFIRM)
CVE: CVE-2016-1248
Id:
CVE-2016-1248
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248
Comment:
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
http://openwall.com/lists/oss-security/2016/11/22/20 (CONFIRM)
https://github.com/vim/vim/releases/tag/v8.0.0056 (CONFIRM)
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a (CONFIRM)
https://lists.debian.org/debian-security-announce/2016/msg00305.html (CONFIRM)
https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040 (CONFIRM)
https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog (CONFIRM)
[debian-lts-announce] 20161122 [SECURITY] [DLA 718-1] vim security update (MLIST)
94478 (BID)
USN-3139-1 (UBUNTU)
DSA-3722 (DEBIAN)
RHSA-2016:2972 (REDHAT)
GLSA-201701-29 (GENTOO)
1037338 (SECTRACK)
CVE: CVE-2017-17087
Id:
CVE-2017-17087
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087
Comment:
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
668 (Exposure of Resource to Wrong Sphere)
References:
https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ (MISC)
https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 (MISC)
http://security.cucumberlinux.com/security/details.php?id=166 (MISC)
http://openwall.com/lists/oss-security/2017/11/27/2 (MISC)
[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update (MLIST)
USN-4582-1 (UBUNTU)
[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update (MLIST)
CVE: CVE-2017-5953
Id:
CVE-2017-5953
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
Comment:
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d (CONFIRM)
96217 (BID)
GLSA-201706-26 (GENTOO)
DSA-3786 (DEBIAN)
USN-4016-1 (UBUNTU)
USN-4309-1 (UBUNTU)
https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY ()
CVE: CVE-2017-6349
Id:
CVE-2017-6349
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6349
Comment:
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c (MISC)
96451 (BID)
GLSA-201706-26 (GENTOO)
1037949 (SECTRACK)
USN-4309-1 (UBUNTU)
https://groups.google.com/forum/#%21topic/vim_dev/LAgsTcdSfNA ()
https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y ()
CVE: CVE-2017-6350
Id:
CVE-2017-6350
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350
Comment:
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75 (MISC)
96448 (BID)
GLSA-201706-26 (GENTOO)
1037949 (SECTRACK)
USN-4309-1 (UBUNTU)
https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q ()
https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y ()
CVE: CVE-2021-3778
Id:
CVE-2021-3778
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3778
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (MISC)
https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 (CONFIRM)
[oss-security] 20210930 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://security.netapp.com/advisory/ntap-20221118-0003/ (CONFIRM)
FEDORA-2021-968f57ec98 ()
FEDORA-2021-84f4cf3244 ()
FEDORA-2021-6988830606 ()
CVE: CVE-2021-3796
Id:
CVE-2021-3796
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796
Comment:
vim is vulnerable to Use After Free
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
LOW
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (MISC)
https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d (CONFIRM)
[oss-security] 20210930 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://security.netapp.com/advisory/ntap-20221118-0004/ (CONFIRM)
FEDORA-2021-968f57ec98 ()
FEDORA-2021-84f4cf3244 ()
FEDORA-2021-6988830606 ()
CVE: CVE-2021-3872
Id:
CVE-2021-3872
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3872
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b (MISC)
https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8 (CONFIRM)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
FEDORA-2021-84f4cf3244 ()
FEDORA-2021-6988830606 ()
CVE: CVE-2021-3875
Id:
CVE-2021-3875
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3875
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53 (CONFIRM)
https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (MISC)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
GLSA-202208-32 (GENTOO)
FEDORA-2021-84f4cf3244 ()
FEDORA-2021-6988830606 ()
CVE: CVE-2021-3903
Id:
CVE-2021-3903
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3903
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43 (MISC)
https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 (CONFIRM)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update (MLIST)
FEDORA-2021-af135cabe2 ()
FEDORA-2021-a5e55a9e02 ()
FEDORA-2021-b0ac29efb1 ()
CVE: CVE-2021-3927
Id:
CVE-2021-3927
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3927
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 (CONFIRM)
https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (MISC)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
FEDORA-2021-58ab85548d ()
FEDORA-2021-cfadac570a ()
FEDORA-2021-b0ac29efb1 ()
CVE: CVE-2021-3928
Id:
CVE-2021-3928
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3928
Comment:
vim is vulnerable to Use of Uninitialized Variable
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
457 (Use of Uninitialized Variable)
References:
https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd (CONFIRM)
https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (MISC)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
FEDORA-2021-58ab85548d ()
FEDORA-2021-cfadac570a ()
FEDORA-2021-b0ac29efb1 ()
CVE: CVE-2021-3968
Id:
CVE-2021-3968
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3968
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
8.5
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3 Score:
8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528 (CONFIRM)
https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (MISC)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
GLSA-202208-32 (GENTOO)
FEDORA-2021-5cd9df120e ()
FEDORA-2021-b0ac29efb1 ()
CVE: CVE-2021-3973
Id:
CVE-2021-3973
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3973
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 (MISC)
https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e (CONFIRM)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
FEDORA-2021-5cd9df120e ()
FEDORA-2021-b0ac29efb1 ()
CVE: CVE-2021-3974
Id:
CVE-2021-3974
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3974
Comment:
vim is vulnerable to Use After Free
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (MISC)
https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4 (CONFIRM)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
FEDORA-2021-5cd9df120e ()
FEDORA-2021-b0ac29efb1 ()
CVE: CVE-2021-3984
Id:
CVE-2021-3984
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3984
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655 (MISC)
https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a (CONFIRM)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
FEDORA-2021-b0ac29efb1 ()
CVE: CVE-2021-4019
Id:
CVE-2021-4019
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4019
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (MISC)
https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92 (CONFIRM)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
FEDORA-2021-469afb66c9 ()
FEDORA-2021-b0ac29efb1 ()
CVE: CVE-2021-4069
Id:
CVE-2021-4069
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4069
Comment:
vim is vulnerable to Use After Free
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74 (CONFIRM)
https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (MISC)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
FEDORA-2021-541ddd1f94 ()
FEDORA-2021-b0ac29efb1 ()
CVE: CVE-2021-4136
Id:
CVE-2021-4136
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4136
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938 (CONFIRM)
https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (MISC)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
https://support.apple.com/kb/HT213183 (CONFIRM)
20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 (FULLDISC)
https://support.apple.com/kb/HT213256 (CONFIRM)
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 (FULLDISC)
https://support.apple.com/kb/HT213343 (CONFIRM)
20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina (FULLDISC)
GLSA-202208-32 (GENTOO)
FEDORA-2022-a3d70b50f0 ()
FEDORA-2022-48b86d586f ()
CVE: CVE-2021-4166
Id:
CVE-2021-4166
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4166
Comment:
vim is vulnerable to Out-of-bounds Read
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035 (CONFIRM)
https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (MISC)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
https://support.apple.com/kb/HT213183 (CONFIRM)
20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 (FULLDISC)
https://support.apple.com/kb/HT213256 (CONFIRM)
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 (FULLDISC)
https://support.apple.com/kb/HT213343 (CONFIRM)
20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina (FULLDISC)
GLSA-202208-32 (GENTOO)
FEDORA-2022-a3d70b50f0 ()
FEDORA-2022-48b86d586f ()
CVE: CVE-2021-4192
Id:
CVE-2021-4192
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4192
Comment:
vim is vulnerable to Use After Free
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22 (CONFIRM)
https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (MISC)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
https://support.apple.com/kb/HT213183 (CONFIRM)
20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 (FULLDISC)
https://support.apple.com/kb/HT213256 (CONFIRM)
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 (FULLDISC)
https://support.apple.com/kb/HT213343 (CONFIRM)
20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina (FULLDISC)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
FEDORA-2022-48b86d586f ()
CVE: CVE-2021-4193
Id:
CVE-2021-4193
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4193
Comment:
vim is vulnerable to Out-of-bounds Read
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (MISC)
https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0 (CONFIRM)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
https://support.apple.com/kb/HT213183 (CONFIRM)
20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 (FULLDISC)
https://support.apple.com/kb/HT213256 (CONFIRM)
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 (FULLDISC)
https://support.apple.com/kb/HT213343 (CONFIRM)
20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina (FULLDISC)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
FEDORA-2022-48b86d586f ()
CVE: CVE-2021-46059
Id:
CVE-2021-46059
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46059
Comment:
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
References:
CVE: CVE-2022-0128
Id:
CVE-2022-0128
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0128
Comment:
vim is vulnerable to Out-of-bounds Read
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a (MISC)
https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba (CONFIRM)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
https://support.apple.com/kb/HT213183 (CONFIRM)
20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 (FULLDISC)
https://support.apple.com/kb/HT213256 (CONFIRM)
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 (FULLDISC)
https://support.apple.com/kb/HT213343 (CONFIRM)
20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina (FULLDISC)
GLSA-202208-32 (GENTOO)
CVE: CVE-2022-0213
Id:
CVE-2022-0213
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0213
Comment:
vim is vulnerable to Heap-based Buffer Overflow
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
6.6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
LOW
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed (CONFIRM)
https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (MISC)
[oss-security] 20220114 Re: 3 new CVE's in vim (MLIST)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
CVE: CVE-2022-0261
Id:
CVE-2022-0261
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0261
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (MISC)
https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82 (CONFIRM)
[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
CVE: CVE-2022-0318
Id:
CVE-2022-0318
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0318
Comment:
Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (MISC)
https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08 (CONFIRM)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update (MLIST)
CVE: CVE-2022-0319
Id:
CVE-2022-0319
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0319
Comment:
Out-of-bounds Read in vim/vim prior to 8.2.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b (CONFIRM)
https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 (MISC)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
CVE: CVE-2022-0351
Id:
CVE-2022-0351
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0351
Comment:
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (MISC)
https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161 (CONFIRM)
[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
CVE: CVE-2022-0359
Id:
CVE-2022-0359
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0359
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def (CONFIRM)
https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (MISC)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
CVE: CVE-2022-0361
Id:
CVE-2022-0361
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0361
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b (CONFIRM)
https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (MISC)
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
CVE: CVE-2022-0392
Id:
CVE-2022-0392
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0392
Comment:
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (MISC)
https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126 (CONFIRM)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update (MLIST)
CVE: CVE-2022-0407
Id:
CVE-2022-0407
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0407
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e (MISC)
https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c (CONFIRM)
GLSA-202208-32 (GENTOO)
CVE: CVE-2022-0413
Id:
CVE-2022-0413
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0413
Comment:
Use After Free in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (MISC)
https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38 (CONFIRM)
[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
FEDORA-2022-da2fb07efb ()
FEDORA-2022-48bf3cb1c4 ()
CVE: CVE-2022-0696
Id:
CVE-2022-0696
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0696
Comment:
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (MISC)
https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f (CONFIRM)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update (MLIST)
FEDORA-2022-48bf3cb1c4 ()
CVE: CVE-2022-1381
Id:
CVE-2022-1381
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1381
Comment:
Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4 (CONFIRM)
https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47 (MISC)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-e304fffd34 ()
FEDORA-2022-b605768c94 ()
CVE: CVE-2022-1420
Id:
CVE-2022-1420
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1420
Comment:
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
823 (Use of Out-of-range Pointer Offset)
References:
https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca (MISC)
https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326 (CONFIRM)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-e304fffd34 ()
FEDORA-2022-b605768c94 ()
CVE: CVE-2022-1616
Id:
CVE-2022-1616
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1616
Comment:
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c (MISC)
https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2 (CONFIRM)
[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-e92c3ce170 ()
FEDORA-2022-f0db3943d9 ()
FEDORA-2022-8df66cdbef ()
CVE: CVE-2022-1619
Id:
CVE-2022-1619
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1619
Comment:
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450 (CONFIRM)
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (MISC)
[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://security.netapp.com/advisory/ntap-20220930-0007/ (CONFIRM)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-e92c3ce170 ()
FEDORA-2022-f0db3943d9 ()
FEDORA-2022-8df66cdbef ()
CVE: CVE-2022-1620
Id:
CVE-2022-1620
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1620
Comment:
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51 (CONFIRM)
https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f (MISC)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-e92c3ce170 ()
FEDORA-2022-f0db3943d9 ()
FEDORA-2022-8df66cdbef ()
CVE: CVE-2022-1720
Id:
CVE-2022-1720
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1720
Comment:
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
126 (Buffer Over-read)
References:
https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (MISC)
https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8 (CONFIRM)
[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213443 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-1733
Id:
CVE-2022-1733
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1733
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a (CONFIRM)
https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 (MISC)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-d6d1ac4ca7 ()
FEDORA-2022-74b9e404c1 ()
FEDORA-2022-d044e7e0b4 ()
CVE: CVE-2022-1735
Id:
CVE-2022-1735
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1735
Comment:
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97 (MISC)
https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9 (CONFIRM)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
GLSA-202305-16 (GENTOO)
CVE: CVE-2022-1771
Id:
CVE-2022-1771
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1771
Comment:
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
674 (Uncontrolled Recursion)
References:
https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb (CONFIRM)
https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8 (MISC)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
CVE: CVE-2022-1785
Id:
CVE-2022-1785
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1785
Comment:
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109 (CONFIRM)
https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (MISC)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
CVE: CVE-2022-1796
Id:
CVE-2022-1796
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1796
Comment:
Use After Free in GitHub repository vim/vim prior to 8.2.4979.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (MISC)
https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e (CONFIRM)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
CVE: CVE-2022-1851
Id:
CVE-2022-1851
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1851
Comment:
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad (MISC)
https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d (CONFIRM)
[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-5ce148636b ()
FEDORA-2022-d94440bf0e ()
FEDORA-2022-bb2daad935 ()
CVE: CVE-2022-1897
Id:
CVE-2022-1897
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897
Comment:
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118 (CONFIRM)
https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (MISC)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-5ce148636b ()
FEDORA-2022-d94440bf0e ()
FEDORA-2022-bb2daad935 ()
CVE: CVE-2022-1898
Id:
CVE-2022-1898
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1898
Comment:
Use After Free in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (MISC)
https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea (CONFIRM)
[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-5ce148636b ()
FEDORA-2022-d94440bf0e ()
FEDORA-2022-bb2daad935 ()
CVE: CVE-2022-1927
Id:
CVE-2022-1927
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1927
Comment:
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
126 (Buffer Over-read)
References:
https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777 (CONFIRM)
https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (MISC)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-5ce148636b ()
FEDORA-2022-d94440bf0e ()
FEDORA-2022-bb2daad935 ()
CVE: CVE-2022-1968
Id:
CVE-2022-1968
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1968
Comment:
Use After Free in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b (CONFIRM)
https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (MISC)
[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
CVE: CVE-2022-2124
Id:
CVE-2022-2124
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2124
Comment:
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
126 (Buffer Over-read)
References:
https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (MISC)
https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42 (CONFIRM)
[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213443 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7 (FULLDISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2125
Id:
CVE-2022-2125
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2125
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705 (CONFIRM)
https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (MISC)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213443 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7 (FULLDISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2126
Id:
CVE-2022-2126
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2126
Comment:
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (MISC)
https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e (CONFIRM)
[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update (MLIST)
GLSA-202208-32 (GENTOO)
https://support.apple.com/kb/HT213488 (CONFIRM)
https://support.apple.com/kb/HT213443 (CONFIRM)
https://support.apple.com/kb/HT213444 (CONFIRM)
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 (FULLDISC)
20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (FULLDISC)
20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7 (FULLDISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2129
Id:
CVE-2022-2129
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2129
Comment:
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352 (CONFIRM)
https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (MISC)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2175
Id:
CVE-2022-2175
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2175
Comment:
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e (MISC)
https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55 (CONFIRM)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2182
Id:
CVE-2022-2182
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2182
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e (MISC)
https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8 (CONFIRM)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2183
Id:
CVE-2022-2183
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2183
Comment:
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa (MISC)
https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975 (CONFIRM)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2206
Id:
CVE-2022-2206
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2206
Comment:
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://huntr.dev/bounties/01d01e74-55d0-4d9e-878e-79ba599be668 (CONFIRM)
https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908 (MISC)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2207
Id:
CVE-2022-2207
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2207
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9 (CONFIRM)
https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b (MISC)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2208
Id:
CVE-2022-2208
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2208
Comment:
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 (MISC)
https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1 (CONFIRM)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2210
Id:
CVE-2022-2210
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2210
Comment:
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25 (CONFIRM)
https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa (MISC)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2231
Id:
CVE-2022-2231
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2231
Comment:
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5 (CONFIRM)
https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 (MISC)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-719f3ec21b ()
FEDORA-2022-bb7f3cacbf ()
CVE: CVE-2022-2257
Id:
CVE-2022-2257
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2257
Comment:
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a (MISC)
https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89 (CONFIRM)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b06fbea2c7 ()
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2264
Id:
CVE-2022-2264
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2264
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05 (MISC)
https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c (CONFIRM)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b06fbea2c7 ()
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2284
Id:
CVE-2022-2284
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2284
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874 (CONFIRM)
https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794 (MISC)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b06fbea2c7 ()
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2285
Id:
CVE-2022-2285
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2285
Comment:
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (MISC)
https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736 (CONFIRM)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b06fbea2c7 ()
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2286
Id:
CVE-2022-2286
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2286
Comment:
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8 (CONFIRM)
https://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c (MISC)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b06fbea2c7 ()
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2287
Id:
CVE-2022-2287
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2287
Comment:
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774 (MISC)
https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284 (CONFIRM)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b06fbea2c7 ()
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2304
Id:
CVE-2022-2304
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2304
Comment:
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
121 (Stack-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (MISC)
https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a (CONFIRM)
GLSA-202208-32 (GENTOO)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b06fbea2c7 ()
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2343
Id:
CVE-2022-2343
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2343
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5 (CONFIRM)
https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853 (MISC)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2344
Id:
CVE-2022-2344
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2344
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92 (MISC)
https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996 (CONFIRM)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2345
Id:
CVE-2022-2345
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2345
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f (CONFIRM)
https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea (MISC)
GLSA-202208-32 (GENTOO)
GLSA-202305-16 (GENTOO)
FEDORA-2022-9d7a58e376 ()
CVE: CVE-2022-2522
Id:
CVE-2022-2522
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2522
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089 (MISC)
https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 (CONFIRM)
https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/ (MISC)
https://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e (MISC)
GLSA-202305-16 (GENTOO)
CVE: CVE-2022-2571
Id:
CVE-2022-2571
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2571
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614 (MISC)
https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571 (CONFIRM)
CVE: CVE-2022-2580
Id:
CVE-2022-2580
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2580
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249 (CONFIRM)
https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d (MISC)
CVE: CVE-2022-2581
Id:
CVE-2022-2581
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2581
Comment:
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b (CONFIRM)
https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88 (MISC)
CVE: CVE-2022-2598
Id:
CVE-2022-2598
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2598
Comment:
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d (MISC)
https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e (CONFIRM)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
CVE: CVE-2022-2816
Id:
CVE-2022-2816
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
Comment:
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666 (MISC)
https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58 (CONFIRM)
GLSA-202305-16 (GENTOO)
FEDORA-2022-6f5e420e52 ()
CVE: CVE-2022-2817
Id:
CVE-2022-2817
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20 (MISC)
https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f (CONFIRM)
GLSA-202305-16 (GENTOO)
FEDORA-2022-6f5e420e52 ()
CVE: CVE-2022-2819
Id:
CVE-2022-2819
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 (CONFIRM)
https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889 (MISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-6f5e420e52 ()
CVE: CVE-2022-2845
Id:
CVE-2022-2845
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2845
Comment:
Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
1284 (Improper Validation of Specified Quantity in Input)
References:
https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445 (CONFIRM)
https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c (MISC)
GLSA-202305-16 (GENTOO)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/ (MISC)
CVE: CVE-2022-2849
Id:
CVE-2022-2849
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2849
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e (CONFIRM)
https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2 (MISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b9edf60581 ()
CVE: CVE-2022-2862
Id:
CVE-2022-2862
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2862
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494 (MISC)
https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765 (CONFIRM)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b9edf60581 ()
CVE: CVE-2022-2874
Id:
CVE-2022-2874
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2874
Comment:
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d (MISC)
https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79 (CONFIRM)
GLSA-202305-16 (GENTOO)
CVE: CVE-2022-2889
Id:
CVE-2022-2889
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0225.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15 (MISC)
https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa (CONFIRM)
GLSA-202305-16 (GENTOO)
FEDORA-2022-3b33d04743 ()
CVE: CVE-2022-2923
Id:
CVE-2022-2923
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923
Comment:
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 (CONFIRM)
https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e (MISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-3b33d04743 ()
CVE: CVE-2022-2946
Id:
CVE-2022-2946
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 (CONFIRM)
https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c (MISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-3b33d04743 ()
CVE: CVE-2022-2980
Id:
CVE-2022-2980
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2980
Comment:
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1 (MISC)
https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea (CONFIRM)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b9edf60581 ()
CVE: CVE-2022-2982
Id:
CVE-2022-2982
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2982
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0260.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 (MISC)
https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be (CONFIRM)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b9edf60581 ()
CVE: CVE-2022-3016
Id:
CVE-2022-3016
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3016
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0286.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 (CONFIRM)
https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7 (MISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b9edf60581 ()
CVE: CVE-2022-3037
Id:
CVE-2022-3037
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3037
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0322.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 (CONFIRM)
https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (MISC)
FEDORA-2022-221bd89404 ()
FEDORA-2022-35d9bdb7dc ()
FEDORA-2022-b9edf60581 ()
CVE: CVE-2022-3099
Id:
CVE-2022-3099
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e (CONFIRM)
https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (MISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-b9edf60581 ()
FEDORA-2022-3f5099bcc9 ()
FEDORA-2022-c28b637883 ()
CVE: CVE-2022-3134
Id:
CVE-2022-3134
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3134
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0389.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (MISC)
https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc (CONFIRM)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
CVE: CVE-2022-3153
Id:
CVE-2022-3153
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3153
Comment:
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a (CONFIRM)
https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de (MISC)
GLSA-202305-16 (GENTOO)
CVE: CVE-2022-3234
Id:
CVE-2022-3234
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3234
Comment:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d (MISC)
https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da (CONFIRM)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-40161673a3 ()
FEDORA-2022-fff548cfab ()
FEDORA-2022-4bc60c32a2 ()
CVE: CVE-2022-3235
Id:
CVE-2022-3235
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3235
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af (CONFIRM)
https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0 (MISC)
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-40161673a3 ()
FEDORA-2022-fff548cfab ()
FEDORA-2022-4bc60c32a2 ()
CVE: CVE-2022-3278
Id:
CVE-2022-3278
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3278
Comment:
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e (MISC)
https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 (CONFIRM)
GLSA-202305-16 (GENTOO)
FEDORA-2022-40161673a3 ()
FEDORA-2022-fff548cfab ()
FEDORA-2022-4bc60c32a2 ()
CVE: CVE-2022-3296
Id:
CVE-2022-3296
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296
Comment:
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
121 (Stack-based Buffer Overflow)
References:
https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be (MISC)
https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 (CONFIRM)
GLSA-202305-16 (GENTOO)
FEDORA-2022-40161673a3 ()
FEDORA-2022-fff548cfab ()
FEDORA-2022-4bc60c32a2 ()
CVE: CVE-2022-3297
Id:
CVE-2022-3297
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3297
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c (MISC)
https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c (CONFIRM)
GLSA-202305-16 (GENTOO)
FEDORA-2022-40161673a3 ()
FEDORA-2022-fff548cfab ()
FEDORA-2022-4bc60c32a2 ()
CVE: CVE-2022-3324
Id:
CVE-2022-3324
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3324
Comment:
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
121 (Stack-based Buffer Overflow)
References:
https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c (CONFIRM)
https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb (MISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-40161673a3 ()
FEDORA-2022-fff548cfab ()
FEDORA-2022-4bc60c32a2 ()
CVE: CVE-2022-3352
Id:
CVE-2022-3352
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3352
Comment:
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60 (CONFIRM)
https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 (MISC)
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update (MLIST)
GLSA-202305-16 (GENTOO)
FEDORA-2022-40161673a3 ()
FEDORA-2022-fff548cfab ()
FEDORA-2022-4bc60c32a2 ()
CVE: CVE-2022-3705
Id:
CVE-2022-3705
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3705
Comment:
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 (MISC)
https://vuldb.com/?id.212324 (MISC)
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update (MLIST)
https://security.netapp.com/advisory/ntap-20221223-0004/ (CONFIRM)
https://support.apple.com/kb/HT213605 (CONFIRM)
20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2 (FULLDISC)
GLSA-202305-16 (GENTOO)
FEDORA-2022-06e4f1dd58 ()
FEDORA-2022-3d354ef0fb ()
FEDORA-2022-4bc60c32a2 ()
ovaldb@altx-soft.com