SUSE update for vim
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 45 |
| CVE-ID | CVE-2017-17087 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 |
| CWE-ID | CWE-200 CWE-122 CWE-416 CWE-457 CWE-787 CWE-125 CWE-476 CWE-119 CWE-823 CWE-120 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SUSE Linux Enterprise Module for Desktop Applications Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE Linux Enterprise Module for Basesystem Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing Operating systems & Components / Operating system SUSE Linux Enterprise Desktop Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system SUSE CaaS Platform Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system vim-data-common Operating systems & Components / Operating system package or component vim-data Operating systems & Components / Operating system package or component vim-small-debuginfo Operating systems & Components / Operating system package or component vim-small Operating systems & Components / Operating system package or component vim-debugsource Operating systems & Components / Operating system package or component vim-debuginfo Operating systems & Components / Operating system package or component vim Operating systems & Components / Operating system package or component gvim-debuginfo Operating systems & Components / Operating system package or component gvim Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 45 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU31389
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-17087
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU63063
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3778
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU63065
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Heap-based buffer overflow
EUVDB-ID: #VU63059
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3872
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU63066
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3875
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU63060
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3903
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU63057
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3927
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use of Uninitialized Variable
EUVDB-ID: #VU63052
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3928
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to parsing uninitialized variable. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Heap-based buffer overflow
EUVDB-ID: #VU63047
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3968
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Heap-based buffer overflow
EUVDB-ID: #VU63051
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3973
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU63058
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Heap-based buffer overflow
EUVDB-ID: #VU63049
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3984
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU63048
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4019
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU60795
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4069
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Heap-based buffer overflow
EUVDB-ID: #VU60794
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4136
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU60793
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4166
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU60790
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4192
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU60789
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4193
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU61332
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46059
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vim_regexec_multi() function in regexp.c in Vim. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU60788
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0128
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Heap-based buffer overflow
EUVDB-ID: #VU60768
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0213
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing files. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Heap-based buffer overflow
EUVDB-ID: #VU60769
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0261
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Heap-based buffer overflow
EUVDB-ID: #VU60770
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0318
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU60787
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0319
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Buffer overflow
EUVDB-ID: #VU60771
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0351
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Heap-based buffer overflow
EUVDB-ID: #VU60772
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0359
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Heap-based buffer overflow
EUVDB-ID: #VU60786
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0361
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when copying lines in Visual mode. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Heap-based buffer overflow
EUVDB-ID: #VU60783
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0392
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Heap-based buffer overflow
EUVDB-ID: #VU60782
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0407
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU60780
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0413
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when using freed memory when substitute with function call . A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU60773
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0696
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Vim when switching tabpage while in the cmdline window. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds write
EUVDB-ID: #VU63045
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1381
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU63044
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1420
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service on the target application.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a use of out-of-range pointer offset and crash the application.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Heap-based buffer overflow
EUVDB-ID: #VU63042
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1616
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Heap-based buffer overflow
EUVDB-ID: #VU62875
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1619
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing data in the cmdline_erase_chars() function in ex_getln.c. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU62876
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1620
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vim_regexec_string() function in regexp.c. A remote attacker can trick the victim to open a specially crafted file, trigger NULL pointer dereference error and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Heap-based buffer overflow
EUVDB-ID: #VU63492
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1733
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in skip_string() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU63489
Risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1735
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in utfc_ptr2len() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Stack-based buffer overflow
EUVDB-ID: #VU63488
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1771
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error when providing certain input. A remote attacker can trigger stack-based buffer overflow and perform a denial of service attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds write
EUVDB-ID: #VU63487
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1785
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code
The vulnerability exists due to a boundary error when processing untrusted input in vim_regsub_both() function. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use-after-free
EUVDB-ID: #VU63485
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU64505
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to illegal memory access and leads to an out-of-bounds read vulnerability in the gchar_cursor() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds write
EUVDB-ID: #VU64506
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1897
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU64509
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to Illegal memory access and leads to a use-after-free vulnerability in the find_pattern_in_path() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Out-of-bounds read
EUVDB-ID: #VU64508
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1927
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char() function. A local attacker can trick the victim into opening a specially crafted file, trigger out-of-bounds read error and execute arbitrary code on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.1 - 4.2
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1 - 4.2
SUSE Linux Enterprise Server for SAP: 15 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE Enterprise Storage: 6 - 7
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data-common: before 8.2.5038-150000.5.21.1
vim-data: before 8.2.5038-150000.5.21.1
vim-small-debuginfo: before 8.2.5038-150000.5.21.1
vim-small: before 8.2.5038-150000.5.21.1
vim-debugsource: before 8.2.5038-150000.5.21.1
vim-debuginfo: before 8.2.5038-150000.5.21.1
vim: before 8.2.5038-150000.5.21.1
gvim-debuginfo: before 8.2.5038-150000.5.21.1
gvim: before 8.2.5038-150000.5.21.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20222102-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
