SUSE update for vim
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 106 |
| CVE-ID | CVE-2009-0316 CVE-2016-1248 CVE-2017-17087 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1720 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-2980 CVE-2022-2982 CVE-2022-3016 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 |
| CWE-ID | CWE-426 CWE-20 CWE-200 CWE-190 CWE-122 CWE-416 CWE-457 CWE-787 CWE-125 CWE-476 CWE-119 CWE-823 CWE-120 CWE-121 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
SUSE OpenStack Cloud Crowbar Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE OpenStack Cloud Operating systems & Components / Operating system vim-debugsource Operating systems & Components / Operating system package or component vim-debuginfo Operating systems & Components / Operating system package or component vim Operating systems & Components / Operating system package or component gvim-debuginfo Operating systems & Components / Operating system package or component gvim Operating systems & Components / Operating system package or component vim-data-common Operating systems & Components / Operating system package or component vim-data Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 106 vulnerabilities.
1) Untrusted search path
EUVDB-ID: #VU70497
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2009-0316
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to untrusted search path in src/if_python.c in the Python interface in Vim. A local user can place a malicious python file in a directory and trick the victim to open a file in that directory.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU33140
Risk: High
CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-1248
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
im before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Information disclosure
EUVDB-ID: #VU31389
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17087
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU33443
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-5953
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU33442
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-5953
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU33447
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-6349
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU33446
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-6349
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Integer overflow
EUVDB-ID: #VU33141
Risk: Medium
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-6350
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when reading undo files. A remote attacker can trick the victim to open a specially crafted undo file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Heap-based buffer overflow
EUVDB-ID: #VU63063
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3778
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU63065
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Heap-based buffer overflow
EUVDB-ID: #VU63059
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3872
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Heap-based buffer overflow
EUVDB-ID: #VU63066
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3875
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Heap-based buffer overflow
EUVDB-ID: #VU63060
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3903
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Heap-based buffer overflow
EUVDB-ID: #VU63057
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3927
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use of Uninitialized Variable
EUVDB-ID: #VU63052
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3928
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to parsing uninitialized variable. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Heap-based buffer overflow
EUVDB-ID: #VU63047
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3968
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Heap-based buffer overflow
EUVDB-ID: #VU63051
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3973
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU63058
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Heap-based buffer overflow
EUVDB-ID: #VU63049
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3984
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds write
EUVDB-ID: #VU63048
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4019
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU60795
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4069
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Heap-based buffer overflow
EUVDB-ID: #VU60794
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4136
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU60793
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4166
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU60790
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4192
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU60789
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4193
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU61332
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46059
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vim_regexec_multi() function in regexp.c in Vim. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU60788
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0128
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Heap-based buffer overflow
EUVDB-ID: #VU60768
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0213
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing files. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Heap-based buffer overflow
EUVDB-ID: #VU60769
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0261
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Heap-based buffer overflow
EUVDB-ID: #VU60770
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0318
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds read
EUVDB-ID: #VU60787
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0319
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU60771
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0351
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Heap-based buffer overflow
EUVDB-ID: #VU60772
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0359
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Heap-based buffer overflow
EUVDB-ID: #VU60786
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0361
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when copying lines in Visual mode. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Heap-based buffer overflow
EUVDB-ID: #VU60783
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0392
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Heap-based buffer overflow
EUVDB-ID: #VU60782
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0407
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU60780
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0413
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when using freed memory when substitute with function call . A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU60773
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0696
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Vim when switching tabpage while in the cmdline window. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds write
EUVDB-ID: #VU63045
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1381
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU63044
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1420
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service on the target application.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a use of out-of-range pointer offset and crash the application.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Heap-based buffer overflow
EUVDB-ID: #VU63042
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1616
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Heap-based buffer overflow
EUVDB-ID: #VU62875
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1619
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing data in the cmdline_erase_chars() function in ex_getln.c. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) NULL pointer dereference
EUVDB-ID: #VU62876
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1620
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vim_regexec_string() function in regexp.c. A remote attacker can trick the victim to open a specially crafted file, trigger NULL pointer dereference error and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU64714
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1720
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in normal.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Heap-based buffer overflow
EUVDB-ID: #VU63492
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1733
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in skip_string() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Buffer overflow
EUVDB-ID: #VU63489
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1735
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in utfc_ptr2len() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Stack-based buffer overflow
EUVDB-ID: #VU63488
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1771
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error when providing certain input. A remote attacker can trigger stack-based buffer overflow and perform a denial of service attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Out-of-bounds write
EUVDB-ID: #VU63487
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1785
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code
The vulnerability exists due to a boundary error when processing untrusted input in vim_regsub_both() function. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Use-after-free
EUVDB-ID: #VU63485
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Out-of-bounds read
EUVDB-ID: #VU64505
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to illegal memory access and leads to an out-of-bounds read vulnerability in the gchar_cursor() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Out-of-bounds write
EUVDB-ID: #VU64506
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1897
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Use-after-free
EUVDB-ID: #VU64509
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to Illegal memory access and leads to a use-after-free vulnerability in the find_pattern_in_path() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds read
EUVDB-ID: #VU64508
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1927
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char() function. A local attacker can trick the victim into opening a specially crafted file, trigger out-of-bounds read error and execute arbitrary code on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Use-after-free
EUVDB-ID: #VU64720
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1968
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in search.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU64718
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2124
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in textobject.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Heap-based buffer overflow
EUVDB-ID: #VU64717
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2125
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in indent.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds read
EUVDB-ID: #VU64716
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2126
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in spellsuggest.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Out-of-bounds write
EUVDB-ID: #VU64715
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2129
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ex_docmd.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Out-of-bounds read
EUVDB-ID: #VU64713
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2175
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ex_getln.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Heap-based buffer overflow
EUVDB-ID: #VU64712
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2182
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ex_docmd.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Out-of-bounds read
EUVDB-ID: #VU64711
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2183
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in indent.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Out-of-bounds read
EUVDB-ID: #VU64710
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2206
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in term.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Heap-based buffer overflow
EUVDB-ID: #VU64709
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2207
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in edit.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) NULL pointer dereference
EUVDB-ID: #VU64708
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2208
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in diff.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Out-of-bounds write
EUVDB-ID: #VU64707
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2210
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in diff.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) NULL pointer dereference
EUVDB-ID: #VU65416
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2231
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in skipwhite() function at charset.c:1428. A remote attacker can trick the victim into opening a specially crafted file to perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Out-of-bounds read
EUVDB-ID: #VU65415
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2257
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in msg_outtrans_special() function at message.c:1716. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Heap-based buffer overflow
EUVDB-ID: #VU65414
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2264
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted data, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Heap-based buffer overflow
EUVDB-ID: #VU65412
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2284
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in utfc_ptr2len() function at mbyte.c:2113. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Integer overflow
EUVDB-ID: #VU65411
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2285
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in del_typebuf() function at getchar.c:1204. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Out-of-bounds read
EUVDB-ID: #VU65409
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2286
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ins_bytes() function at change.c:968. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Out-of-bounds read
EUVDB-ID: #VU65408
Risk: High
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2287
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in suggest_trie_walk() function abusing array byts in line spellsuggest.c:1925. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Stack-based buffer overflow
EUVDB-ID: #VU65395
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2304
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in spell_dump_compl() function at spell.c:4038. A remote unauthenticated attacker can trick the victim into opening a specially crafted file to trigger stack-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Heap-based buffer overflow
EUVDB-ID: #VU65420
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2343
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ins_compl_add() function at insexpand.c:751. A remote attacker can trick the victim into opening a specially crafted data, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Heap-based buffer overflow
EUVDB-ID: #VU65418
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2344
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ins_compl_add() function at insexpand.c:751. A remote attacker can trick the victim into opening a specially crafted data, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Use-after-free
EUVDB-ID: #VU65394
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2345
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in function skipwhite at charset.c:1428. A remote attacker can trick the victim to open a specially crafted file and compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Heap-based buffer overflow
EUVDB-ID: #VU66637
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2522
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ins_compl_infercase_gettext() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Heap-based buffer overflow
EUVDB-ID: #VU66634
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2571
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the vim_iswordp_buf() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Heap-based buffer overflow
EUVDB-ID: #VU66636
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2580
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the eval_string() function in typval.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Out-of-bounds read
EUVDB-ID: #VU66635
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2581
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition within the utf_ptr2char() function in regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Heap-based buffer overflow
EUVDB-ID: #VU66633
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2598
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the diff_write_buffer() function in diff.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Out-of-bounds read
EUVDB-ID: #VU66626
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2816
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the check_vim9_unlet() function in vim9cmds.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Use-after-free
EUVDB-ID: #VU66627
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2817
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing files in testing.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Heap-based buffer overflow
EUVDB-ID: #VU66628
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2819
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in vim9cmds.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Out-of-bounds read
EUVDB-ID: #VU66632
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2845
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within edit.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Heap-based buffer overflow
EUVDB-ID: #VU66631
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2849
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in mbyte.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Use-after-free
EUVDB-ID: #VU66630
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2862
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in vim9compile.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) NULL pointer dereference
EUVDB-ID: #VU66629
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2874
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vim9compile.c. A remote attacker can trick the victim top open a specially crafted file and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Use-after-free
EUVDB-ID: #VU66669
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2889
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the find_var_also_in_script() function in evalvars.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) NULL pointer dereference
EUVDB-ID: #VU66785
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2923
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the sug_filltree() function in spellfile.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Use-after-free
EUVDB-ID: #VU66784
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the vim_vsnprintf_typval() function in strings.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) NULL pointer dereference
EUVDB-ID: #VU66786
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2980
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the do_mouse() function in mouse.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Use-after-free
EUVDB-ID: #VU66787
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the qf_fill_buffer() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU66860
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the get_next_valid_entry() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Use-after-free
EUVDB-ID: #VU67049
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3037
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the qf_buf_add_line() function. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Use-after-free
EUVDB-ID: #VU67050
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3099
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the do_cmdline() function in vim/src/ex_docmd.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use-after-free
EUVDB-ID: #VU67159
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3134
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing files within the do_tag() function in vim/src/tag.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) NULL pointer dereference
EUVDB-ID: #VU67160
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3153
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vim_regcomp() function in regexp.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Heap-based buffer overflow
EUVDB-ID: #VU67435
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3234
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the utfc_ptr2len() function at mbyte.c. A remote attacker can trick the victim to open a specially crafted fule, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Use-after-free
EUVDB-ID: #VU67625
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3235
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the getcmdline_int() function in ex_getln.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) NULL pointer dereference
EUVDB-ID: #VU67626
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3278
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in eval.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Buffer overflow
EUVDB-ID: #VU67658
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3296
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing files within the ex_finally() function in ex_eval.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Use-after-free
EUVDB-ID: #VU67659
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3297
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the process_next_cpt_value() function in insexpand.c when processing files. A remote attacker can trick the victim to open a specially crafted flie, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Stack-based buffer overflow
EUVDB-ID: #VU68964
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3324
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling files within the win_redr_ruler(0 function in drawscreen.c. A remote attacker can trick the victim to open a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Use-after-free
EUVDB-ID: #VU68963
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3352
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The
vulnerability exists due to a use-after-free error when handling files
within the did_set_string_option() function in optionstr.c. A remote attacker
can trick the victim to open a specially crafted file, trigger a
use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Use-after-free
EUVDB-ID: #VU68962
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3705
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling files within the qf_update_buffer() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
vim-debugsource: before 9.0.0814-17.9.1
vim-debuginfo: before 9.0.0814-17.9.1
vim: before 9.0.0814-17.9.1
gvim-debuginfo: before 9.0.0814-17.9.1
gvim: before 9.0.0814-17.9.1
vim-data-common: before 9.0.0814-17.9.1
vim-data: before 9.0.0814-17.9.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:gvim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:vim-data:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
