Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-025 advisory.

    A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and     leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to     a crash or code execution. (CVE-2022-0393)

    A flaw was found in vim. The vulnerability occurs due to stack corruption when looking for spell     suggestions and leads to a stack buffer overflow. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-0408)

    A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a     recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to     input a specially crafted file, leading to a crash or code execution. (CVE-2022-0413)

    A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer     overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code     execution. (CVE-2022-0417)

    A flaw was found in vim. The vulnerability occurs due to using freed memory which results in a use-after-     free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or     code execution. (CVE-2022-0443)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the vim package has been released.

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6195-1 advisory.

    It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use     this issue to cause a denial of service or

    execute arbitrary code. (CVE-2022-0128)

    It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0156)

    It was discovered that Vim contained a heap-based buffer overflow vulnerability. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0158)

    It was discovered that Vim did not properly manage memory when recording and using select mode. An     attacker could possibly use this issue to cause a denial of service. (CVE-2022-0393)

    It was discovered that Vim incorrectly handled certain memory operations during a visual block yank. An     attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
    (CVE-2022-0407)

    It was discovered that Vim contained a NULL pointer dereference vulnerability when switching tabpages. An     attacker could possible use this issue to cause a denial of service. (CVE-2022-0696)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-155 advisory.

    A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The     issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a     user into opening a specially crafted file, triggering use-after-free that causes an application to crash,     possibly executing code and corrupting memory. (CVE-2022-3099)

    A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue     triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a     specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly     executing code and corrupting memory. (CVE-2022-3134)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-077 advisory.

    A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and     leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to     a crash or code execution. (CVE-2022-0393)

    A flaw was found in vim. The vulnerability occurs due to stack corruption when looking for spell     suggestions and leads to a stack buffer overflow. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-0408)

    A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a     recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to     input a specially crafted file, leading to a crash or code execution. (CVE-2022-0413)

    A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer     overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code     execution. (CVE-2022-0417)

    A flaw was found in vim that causes an out-of-range pointer offset vulnerability. This flaw allows an     attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0554)

    A heap-based buffer overflow flaw was found in vim's ex_retab() function of indent.c file. This flaw     occurs when repeatedly using :retab. This flaw allows an attacker to trick a user into opening a crafted     file triggering a heap-overflow. (CVE-2022-0572)

    A stack-based buffer overflow flaw was found in vim's ga_concat_shorten_esc() function of src/testing.c     file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a stack-     overflow. This issue can lead to an application crash, causing a denial of service. (CVE-2022-0629)

    A flaw was found in vim. The vulnerability occurs due to a crash when using a special multi-byte character     and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-0685)

    A NULL pointer dereference flaw was found in vim's find_ucmd() function of usercmd.c file. This flaw     allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference.
    This issue leads to an application crash, causing a denial of service. (CVE-2022-0696)

    A heap-buffer-overflow flaw was found in vim's win_lbr_chartabsize() function of charset.c file. The issue     occurs due to an incorrect 'vartabstop' value. This flaw allows an attacker to trick a user into opening a     specially crafted file, triggering a heap-overflow, and can cause an application to crash, eventually     leading to a denial of service. (CVE-2022-0714)

    A flaw was found in vim. The vulnerability occurs due to crashes within specific regexp patterns and     strings and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-0729)

    A heap buffer overflow flaw was found in vim's suggest_try_change() function of the spellsuggest.c file.
    This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and     causing an application to crash, which leads to a denial of service. (CVE-2022-0943)

    A heap use-after-free vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file.
    This flaw occurs because vim is using a buffer line after it has been freed in the old regexp engine. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-     after-free that causes an application to crash, possibly executing code and corrupting memory.
    (CVE-2022-1154)

    A heap buffer overflow flaw was found in vim's get_one_sourceline() function of scriptfile.c file. This     flaw occurs when source can read past the end of the copied line. This flaw allows an attacker to trick a     user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which     leads to a denial of service. (CVE-2022-1160)

    A global heap buffer overflow vulnerability was found in vim's skip_range() function of the src/ex_docmd.c     file. This flaw occurs because vim uses an invalid pointer with V: in Ex mode. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that     causes an application to crash, leading to a denial of service. (CVE-2022-1381)

    A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name,     triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into     opening a crafted script containing an argument as a number and then using it as a string pointer to     access any memory location, causing an application to crash and possibly access some memory.
    (CVE-2022-1420)

    References to CVE-2022-0443 have been removed after the original release of this advisory, as we have     determined that the code within this vim version was fixed in a prior update.

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202208-32 (Vim, gVim: Multiple Vulnerabilities)

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3770, CVE-2021-3778, CVE-2021-3872,     CVE-2021-3875, CVE-2021-3927, CVE-2021-3968, CVE-2021-3973, CVE-2021-3984, CVE-2021-4019, CVE-2021-4136,     CVE-2022-0158, CVE-2022-0213)

  - vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974, CVE-2021-4069, CVE-2021-4173,     CVE-2021-4187, CVE-2021-4192, CVE-2022-0156)

  - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)

  - vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)

  - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by     its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-46059)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0261, CVE-2022-0359,     CVE-2022-0361, CVE-2022-0407, CVE-2022-1886, CVE-2022-1942, CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

  - Heap-based Buffer Overflow in vim/vim prior to 8.2. (CVE-2022-0318)

  - Out-of-bounds Read in vim/vim prior to 8.2. (CVE-2022-0319)

  - Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
    (CVE-2022-0351)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-0368, CVE-2022-0393,     CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)

  - Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. (CVE-2022-0392)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0408, CVE-2022-0629)

  - Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-0413, CVE-2022-0443, CVE-2022-1898,     CVE-2022-1968, CVE-2022-2042)

  - Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. (CVE-2022-0417)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. (CVE-2022-0554)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. (CVE-2022-0685)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. (CVE-2022-0714)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. (CVE-2022-0729)

  - Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. (CVE-2022-0943)

  - Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)

  - heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. (CVE-2022-1160)

  - global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1381)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. (CVE-2022-1420)

  - Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

  - Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

  - Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

  - Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This     vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution     (CVE-2022-1629)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim     prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1674)

  - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This     vulnerability is capable of crashing the software, memory modification, and possible remote execution.
    (CVE-2022-1720)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

  - Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

  - Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)

  - Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2000,     CVE-2022-2129, CVE-2022-2210)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286,     CVE-2022-2287)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

  - Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. (CVE-2022-2288)

  - Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1805 advisory.

    A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and     leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to     a crash or code execution. (CVE-2022-0393)

    A flaw was found in vim. The vulnerability occurs due to stack corruption when looking for spell     suggestions and leads to a stack buffer overflow. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-0408)

    A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a     recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to     input a specially crafted file, leading to a crash or code execution. (CVE-2022-0413)

    A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer     overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code     execution. (CVE-2022-0417)

    A flaw was found in vim. The vulnerability occurs due to using freed memory which results in a use-after-     free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or     code execution. (CVE-2022-0443)

    A flaw was found in vim that causes an out-of-range pointer offset vulnerability. This flaw allows an     attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0554)

    A heap-based buffer overflow flaw was found in vim's ex_retab() function of indent.c file. This flaw     occurs when repeatedly using :retab. This flaw allows an attacker to trick a user into opening a crafted     file triggering a heap-overflow. (CVE-2022-0572)

    A stack-based buffer overflow flaw was found in vim's ga_concat_shorten_esc() function of src/testing.c     file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a stack-     overflow. This issue can lead to an application crash, causing a denial of service. (CVE-2022-0629)

    A flaw was found in vim. The vulnerability occurs due to a crash when using a special multi-byte character     and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-0685)

    A NULL pointer dereference flaw was found in vim's find_ucmd() function of usercmd.c file. This flaw     allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference.
    This issue leads to an application crash, causing a denial of service. (CVE-2022-0696)

    A heap-buffer-overflow flaw was found in vim's win_lbr_chartabsize() function of charset.c file. The issue     occurs due to an incorrect 'vartabstop' value. This flaw allows an attacker to trick a user into opening a     specially crafted file, triggering a heap-overflow, and can cause an application to crash, eventually     leading to a denial of service. (CVE-2022-0714)

    A flaw was found in vim. The vulnerability occurs due to crashes within specific regexp patterns and     strings and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-0729)

    A heap buffer overflow flaw was found in vim's suggest_try_change() function of the spellsuggest.c file.
    This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and     causing an application to crash, which leads to a denial of service. (CVE-2022-0943)

    A heap use-after-free vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file.
    This flaw occurs because vim is using a buffer line after it has been freed in the old regexp engine. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-     after-free that causes an application to crash, possibly executing code and corrupting memory.
    (CVE-2022-1154)

    A heap buffer overflow flaw was found in vim's get_one_sourceline() function of scriptfile.c file. This     flaw occurs when source can read past the end of the copied line. This flaw allows an attacker to trick a     user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which     leads to a denial of service. (CVE-2022-1160)

    A global heap buffer overflow vulnerability was found in vim's skip_range() function of the src/ex_docmd.c     file. This flaw occurs because vim uses an invalid pointer with V: in Ex mode. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that     causes an application to crash, leading to a denial of service. (CVE-2022-1381)

    A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name,     triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into     opening a crafted script containing an argument as a number and then using it as a string pointer to     access any memory location, causing an application to crash and possibly access some memory.
    (CVE-2022-1420)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1579 advisory.

    A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and     leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to     a crash or code execution. (CVE-2022-0393)

    A flaw was found in vim. The vulnerability occurs due to stack corruption when looking for spell     suggestions and leads to a stack buffer overflow. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-0408)

    A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a     recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to     input a specially crafted file, leading to a crash or code execution. (CVE-2022-0413)

    A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer     overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code     execution. (CVE-2022-0417)

    A flaw was found in vim. The vulnerability occurs due to using freed memory which results in a use-after-     free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or     code execution. (CVE-2022-0443)

    A flaw was found in vim that causes an out-of-range pointer offset vulnerability. This flaw allows an     attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0554)

    A heap-based buffer overflow flaw was found in vim's ex_retab() function of indent.c file. This flaw     occurs when repeatedly using :retab. This flaw allows an attacker to trick a user into opening a crafted     file triggering a heap-overflow. (CVE-2022-0572)

    A stack-based buffer overflow flaw was found in vim's ga_concat_shorten_esc() function of src/testing.c     file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a stack-     overflow. This issue can lead to an application crash, causing a denial of service. (CVE-2022-0629)

    A flaw was found in vim. The vulnerability occurs due to a crash when using a special multi-byte character     and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-0685)

    A NULL pointer dereference flaw was found in vim's find_ucmd() function of usercmd.c file. This flaw     allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference.
    This issue leads to an application crash, causing a denial of service. (CVE-2022-0696)

    A heap-buffer-overflow flaw was found in vim's win_lbr_chartabsize() function of charset.c file. The issue     occurs due to an incorrect 'vartabstop' value. This flaw allows an attacker to trick a user into opening a     specially crafted file, triggering a heap-overflow, and can cause an application to crash, eventually     leading to a denial of service. (CVE-2022-0714)

    A flaw was found in vim. The vulnerability occurs due to crashes within specific regexp patterns and     strings and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-0729)

    A heap buffer overflow flaw was found in vim's suggest_try_change() function of the spellsuggest.c file.
    This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and     causing an application to crash, which leads to a denial of service. (CVE-2022-0943)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 34 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-48bf3cb1c4 advisory.

    Security fix for CVE-2022-0554

    ----

    Security fixes for CVE-2022-0714, CVE-2022-0729

    ----

    Security fix for CVE-2022-0696

    ----

    Security fix for CVE-2022-0629

    ----

    Security fix for CVE-2022-0572

    ----

    Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443

    ----

    Security fix for CVE-2022-0685




Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
212489	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-025)	Nessus	Amazon Linux Local Security Checks	high
204080	Photon OS 3.0: Vim PHSA-2022-3.0-0380	Nessus	PhotonOS Local Security Checks	high
203437	Photon OS 4.0: Vim PHSA-2022-4.0-0161	Nessus	PhotonOS Local Security Checks	high
177891	Ubuntu 22.04 LTS : Vim vulnerabilities (USN-6195-1)	Nessus	Ubuntu Local Security Checks	high
173115	Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-098)	Nessus	Amazon Linux Local Security Checks	critical
166352	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-155)	Nessus	Amazon Linux Local Security Checks	critical
164761	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-077)	Nessus	Amazon Linux Local Security Checks	high
164318	GLSA-202208-32 : Vim, gVim: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
161934	Amazon Linux 2 : vim (ALAS-2022-1805)	Nessus	Amazon Linux Local Security Checks	high
159555	Amazon Linux AMI : vim (ALAS-2022-1579)	Nessus	Amazon Linux Local Security Checks	high
158443	Fedora 34 : vim (2022-48bf3cb1c4)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2022-0393

high

Tenable Plugins

high

high

high

high

critical

critical

high

critical

high

high

high