The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3182 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3182-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Markus Koschany     November 08, 2022                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : vim     Version        : 2:8.1.0875-5+deb10u3     CVE ID         : CVE-2021-3927 CVE-2021-3928 CVE-2021-3974 CVE-2021-3984                      CVE-2021-4019 CVE-2021-4069 CVE-2021-4192 CVE-2021-4193                      CVE-2022-0213 CVE-2022-0261 CVE-2022-0319 CVE-2022-0351                      CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0408                      CVE-2022-0413 CVE-2022-0417 CVE-2022-0443 CVE-2022-0554                      CVE-2022-0572 CVE-2022-0685 CVE-2022-0714 CVE-2022-0729                      CVE-2022-0943 CVE-2022-1154 CVE-2022-1616 CVE-2022-1720                      CVE-2022-1851 CVE-2022-1898 CVE-2022-1968 CVE-2022-2285                      CVE-2022-2304 CVE-2022-2598 CVE-2022-2946 CVE-2022-3099                      CVE-2022-3134 CVE-2022-3234 CVE-2022-3324 CVE-2022-3705

    Multiple security vulnerabilities have been discovered in vim, an enhanced     vi editor. Buffer overflows, out-of-bounds reads and use-after-free may lead to     a denial-of-service (application crash) or other unspecified impact.

    For Debian 10 buster, these problems have been fixed in version     2:8.1.0875-5+deb10u3.

    We recommend that you upgrade your vim packages.

    For the detailed security status of vim please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/vim

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3182 : vim - security update

high Nessus Plugin ID 167256

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.8 Jan 22, 2025, 8:38 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202501222038
Version 1.7 Oct 5, 2023, 4:14 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310051614
Version 1.6 Mar 23, 2023, 8:46 PM IAVM reference Plugin Feed: 202303232046
Version 1.5 Mar 10, 2023, 10:21 AM IAVM reference Plugin Feed: 202303101021
Version 1.4 Dec 15, 2022, 4:16 PM IAVM reference Plugin Feed: 202212151616
Version 1.3 Nov 17, 2022, 9:58 PM IAVM reference STIG Severity Plugin Feed: 202211172158
Version 1.2 Nov 10, 2022, 7:52 PM New Plugin Feed: 202211101952